Uniform distribution in random numbers
Summary
The system's random numbers must be generated using a uniform distribution.
Description
The system's cryptographic keys are essential for maintaining the confidentiality and integrity of transactions and communications. Some of these keys and other critical elements are generated from random numbers. In these cases, the random numbers themselves must come from secure mechanisms that guarantee a uniform distribution: if some values are more likely than others, the effective space an attacker has to search is smaller than the nominal one.
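As an added example (not code from the original requirement page), the Python below shows the common modulo-reduction pattern that silently breaks uniformity next to the rejection-sampling form that preserves it, and enumerates the exact output distribution so the bias can be measured rather than guessed. Function names are my own.

```python
import secrets
from collections import Counter


def biased_below(n: int, bits: int = 8) -> int:
    """Weak pattern: reduce a fixed-width secure random value with modulo.
    Unless 2**bits is a multiple of n, the low residues are hit one extra
    time each, so the output is not uniform (CWE-330 territory) even though
    the source bits came from a CSPRNG."""
    return secrets.randbits(bits) % n


def uniform_below(n: int, bits: int = 8) -> int:
    """Correct pattern: rejection sampling. Draws falling into the
    incomplete final block [limit, 2**bits) are discarded, so every
    residue 0..n-1 is equally likely. In practice secrets.randbelow(n)
    does this for you; the loop is spelled out to show the mechanism."""
    if not 0 < n <= (1 << bits):
        raise ValueError("n must be in 1..2**bits")
    limit = (1 << bits) - ((1 << bits) % n)  # largest multiple of n <= 2**bits
    while True:
        r = secrets.randbits(bits)
        if r < limit:
            return r % n


def exact_distribution(n: int, bits: int = 8) -> Counter:
    """Enumerate every bits-wide input once to obtain the exact frequency
    of each output of the modulo pattern (no sampling noise)."""
    return Counter(r % n for r in range(1 << bits))


def max_bias_ratio(n: int, bits: int = 8) -> float:
    """Most-frequent over least-frequent output under modulo reduction.
    1.0 means uniform; anything above it is measurable bias."""
    dist = exact_distribution(n, bits)
    return max(dist.values()) / min(dist.values())


if __name__ == "__main__":
    # 256 = 1*200 + 56: outputs 0..55 occur twice as often as 56..199.
    print("bias ratio, 8 bits mod 200:", max_bias_ratio(200))  # 2.0
    # 256 is a multiple of 16, so this reduction happens to be uniform.
    print("bias ratio, 8 bits mod 16:", max_bias_ratio(16))    # 1.0
    print("rejection-sampled value:", uniform_below(200))
```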
Supported In
This requirement is verified in the following services
| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CAPEC™-20. Encryption brute forcing
- CWE™-330. Use of insufficiently random values
- CWE™-331. Insufficient entropy
- CWE™-334. Small space of random values
- CWE™-340. Generation of predictable numbers or identifiers
- OWASP TOP 10-A8. Software and data integrity failures
- OWASP-M TOP 10-M3. Insecure communication threat agents
- CERT-C-MSC32-C. Properly seed pseudorandom number generators
- CERT-J-MSC02-J. Generate strong random numbers
- HITRUST CSF-09_y. On-line transactions
- HITRUST CSF-10_g. Key management
- ISO/IEC 27002-8_24. Use of cryptography
- WASSEC-6_2_2_5. Authorization - Session weaknesses
- OWASP SCP-6. Cryptographic practices
- OWASP MASVS-V3_6. Cryptography requirements
- OWASP ASVS-2_6_2. Look-up secret verifier
- OWASP ASVS-2_7_6. Out of band verifier
- OWASP ASVS-6_2_4. Algorithms
- OWASP ASVS-6_3_1. Random values
- OWASP ASVS-6_3_3. Random values
- OWASP ASVS-6_3_2. Random values
- ISO/IEC 27001-8_24. Use of cryptography
- CASA-2_7_6. Out of Band Verifier
- CASA-6_2_4. Algorithms
- CASA-6_3_1. Random Values
- CASA-6_3_2. Random Values
- CASA-6_3_3. Random Values