Deterministic random output from constant seed

Seeding routine uses a constant seed making the output deterministic

expand all in page

Description

This defect occurs when you use standard random number generator functions that have deterministic output given a constant seed.

The checker detects this issue with the following random number generator functions:

  • C Standard Library functions such as srand, srandom and initstate

  • OpenSSL functions such as RAND_seed and RAND_add

  • C++ Standard Library functions such as std::linear_congruential_engine<>::seed() and std::mersenne_twister_engine<>::seed() (and also the constructors of these class templates)

Risk

With constant seeds, random number generator functions produce the same output every time your program is run. A hacker can disrupt your program if they know how your program behaves.

Fix

Use a different random standard function or use a nonconstant seed.

Some standard random routines are inherently cryptographically weak, and should not be used for security purposes.

Examples

expand all

#include <stdlib.h>

void random_num(void)
{
    srand(12345U);
    /* ... */
}

This example initializes a random number generator using srand with a constant seed. The random number generation is deterministic, making this function cryptographically weak.

Correction — Use Different Random Number Generator

One possible correction is to use a random number generator that does not require a seed. This example uses rand_s.


#define _CRT_RAND_S
#include <stdlib.h>
#include <stdio.h>

unsigned int random_num_time(void)
{

    unsigned int number;
    errno_t err;
    err = rand_s(&number);

    if(err != 0)
    {
        return number;
    }
    else
    {
        return err;
    }
}

Result Information

Group: Security
Language: C | C++
Default: Off
Command-Line Syntax: RAND_SEED_CONSTANT
Impact: Medium
CWE ID: 330, 336

See Also

| | |

Topics

Introduced in R2015b

Polyspace Bug Finder Documentation

Support