diff --git a/rules/S4347/highlighting.adoc b/rules/S4347/highlighting.adoc index d59f2a52da0..12b061beb6c 100644 --- a/rules/S4347/highlighting.adoc +++ b/rules/S4347/highlighting.adoc @@ -1,4 +1,10 @@ === Highlighting -The call to SecureRandom.setSeed() or the SecureRandom(byte[]) constructor call +When the random number generator's output **is not** predictable by default: +* The constructor or method call where the predictable seed is set. + +When the random number generator's output **is** predictable by default: + +* The first method call to generate a random value. +* (Secondary) The creation of the random number generator. diff --git a/rules/S4347/impact.adoc b/rules/S4347/impact.adoc index 8747b0e595c..228d158117c 100644 --- a/rules/S4347/impact.adoc +++ b/rules/S4347/impact.adoc @@ -1,8 +1,8 @@ === What is the potential impact? -It is crucial to understand that the strength of cryptographic algorithms heavily relies on the quality of the random numbers used. By improperly seeding the `SecureRandom` class, we introduce a significant weakness that can be exploited by attackers. +It is crucial to understand that the strength of cryptographic algorithms heavily relies on the quality of the random numbers used. By improperly seeding a CSPRNG, we introduce a significant weakness that can be exploited by attackers. ==== Insecure cryptographic keys -One of the primary use cases for the `SecureRandom` class is generating cryptographic keys. If an attacker can predict the seed used to initialize the SecureRandom instance, they may be able to derive the same keys. Depending on the use case, this can lead to multiple severe outcomes, such as: +One of the primary use cases for CSPRNGs is generating cryptographic keys. If an attacker can predict the seed used to initialize the random number generator, they may be able to derive the same keys. Depending on the use case, this can lead to multiple severe outcomes, such as: * Being able to decrypt sensitive documents, leading to privacy breaches or identity theft. * Gaining access to a private key used for signing, allowing an attacker to forge digital signatures and impersonate legitimate entities. diff --git a/rules/S4347/message.adoc b/rules/S4347/message.adoc index fbb32b551be..72e4fce0803 100644 --- a/rules/S4347/message.adoc +++ b/rules/S4347/message.adoc @@ -1,4 +1,9 @@ === Message -Change this seed value to something unpredictable, or remove the seed. +When the random number generator's output **is not** predictable by default: +> Change this seed value to something unpredictable, or remove the seed. + +When the random number generator's output **is** predictable by default: + +> Set an unpredictable seed before generating random values. diff --git a/rules/S4347/metadata.json b/rules/S4347/metadata.json index f27e6570e58..ea5ca1cfeff 100644 --- a/rules/S4347/metadata.json +++ b/rules/S4347/metadata.json @@ -1,5 +1,5 @@ { - "title": "\"SecureRandom\" seeds should not be predictable", + "title": "Secure random number generators should not output predictable values", "type": "VULNERABILITY", "code": { "impacts": { diff --git a/rules/S4347/rationale.adoc b/rules/S4347/rationale.adoc index c2c2d31d445..b23e3047165 100644 --- a/rules/S4347/rationale.adoc +++ b/rules/S4347/rationale.adoc @@ -1,3 +1,3 @@ -`java.security.SecureRandom` is often used to generate random values for cryptographic algorithms. When a random number generator is used for cryptographic purposes, the generated numbers must be as random and unpredictable as possible. When `SecureRandom` is improperly seeded with a constant or a predictable value, its output will also be predictable. +Random number generators are often used to generate random values for cryptographic algorithms. When a random number generator is used for cryptographic purposes, the generated numbers must be as random and unpredictable as possible. When the random number generator is improperly seeded with a constant or a predictable value, its output will also be predictable. -This can have severe security implications for cryptographic operations that rely on the randomness of the generated numbers. By using a predictable seed, an attacker can potentially guess or deduce the generated numbers, compromising the security of whatever cryptographic algorithm relies on `SecureRandom`. +This can have severe security implications for cryptographic operations that rely on the randomness of the generated numbers. By using a predictable seed, an attacker can potentially guess or deduce the generated numbers, compromising the security of whatever cryptographic algorithm relies on the random number generator. diff --git a/rules/S4347/summary.adoc b/rules/S4347/summary.adoc index a8ef469fb2c..0edf48cf48f 100644 --- a/rules/S4347/summary.adoc +++ b/rules/S4347/summary.adoc @@ -1 +1 @@ -When using `SecureRandom`, it is important not to use predictable seeds. This class is used to generate cryptographically strong random numbers. Using a predictable seed will make its output predictable as well, which counteracts the use case of `SecureRandom`. +Cryptographic operations often rely on unpredictable random numbers to enhance security. These random numbers are created by cryptographically secure pseudo-random number generators (CSPRNG). It is important not to use a predictable seed with these random number generators otherwise the random numbers will also become predictable.