界: Security Features
軟體安全性並非安全性軟體。我們關注驗證、Access Control、保密性、加密以及權限管理之類的主題。
Insecure Randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
FORM GenerateReceiptURL CHANGING baseUrl TYPE string.
DATA: r TYPE REF TO cl_abap_random,
var1 TYPE i,
var2 TYPE i,
var3 TYPE n.
GET TIME.
var1 = sy-uzeit.
r = cl_abap_random=>create( seed = var1 ).
r->int31( RECEIVING value = var2 ).
var3 = var2.
CONCATENATE baseUrl var3 ".html" INTO baseUrl.
ENDFORM.
此程式碼使用
CL_ABAP_RANDOM->INT31 函數為其所產生的收據頁面產生「唯一」識別碼。由於 CL_ABAP_RANDOM 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Standards Mapping - Common Weakness Enumeration CWE ID 338
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[4] Standards Mapping - FIPS200 MP
[5] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[9] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[10] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[11] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[12] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[13] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[14] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[15] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[25] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[29] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.abap.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
string GenerateReceiptURL(string baseUrl) {
Random Gen = new Random();
return (baseUrl + Gen.Next().toString() + ".html");
}
此程式碼使用
Random.Next() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Random.Next() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] RandomNumberGenerator Class Microsoft
[2] System.Security.Cryptography Namespace Microsoft
[3] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[4] Standards Mapping - Common Weakness Enumeration CWE ID 338
[5] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[6] Standards Mapping - FIPS200 MP
[7] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[12] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[13] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[14] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[15] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[16] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[31] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.dotnet.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性較高的環境中,將一個能夠產生可預測值的函數當作亂數來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
char* CreateReceiptURL() {
int num;
time_t t1;
char *URL = (char*) malloc(MAX_URL);
if (URL) {
(void) time(&t1);
srand48((long) t1); /* use time to set seed */
sprintf(URL, "%s%d%s", "http://test.com/", lrand48(), ".html");
}
return URL;
}
此程式碼使用
lrand48() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 lrand48() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器,那就會安全很多。References
[1] B. Schneier Yarrow: A secure pseudorandom number generator
[2] CryptLib
[3] Crypto++
[4] BeeCrypt
[5] OpenSSL
[6] CryptoAPI: CryptGenRandom() Microsoft
[7] RtlGenRandom() Microsoft
[8] .NET System.Security.Cryptography: Random Number Generation Microsoft
[9] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[10] Elaine Barker and John Kelsey NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators NIST
[11] Elaine Barker and John Kelsey NIST DRAFT Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation NIST
[12] Elaine Barker and John Kelsey DRAFT NIST Special Publication 800-90C: Recommendation for Random Bit Generator (RBG) Constructions NIST
[13] Standards Mapping - Common Weakness Enumeration CWE ID 338
[14] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[15] Standards Mapping - FIPS200 MP
[16] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[17] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[18] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[19] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[20] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[21] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[22] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[23] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[24] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[25] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[26] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[27] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[28] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[29] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[30] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[31] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[32] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[33] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[34] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[35] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[36] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[37] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[38] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[39] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[40] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[53] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[54] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[55] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[56] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[57] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[58] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[59] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[60] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[61] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.cpp.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
<cfoutput>
Receipt: #baseUrl##Rand()#.cfm
</cfoutput>
此程式碼使用
Rand() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Rand() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] ColdFusion Java CFX Reference Adobe
[2] Java Cryptography Architecture Oracle
[3] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[4] Standards Mapping - Common Weakness Enumeration CWE ID 338
[5] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[6] Standards Mapping - FIPS200 MP
[7] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[12] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[13] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[14] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[15] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[16] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[31] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.cfml.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容。但是,它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來處理這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:下列程式碼使用統計式 PRNG 來建立 RSA 金鑰。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容。但是,它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來處理這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:下列程式碼使用統計式 PRNG 來建立 RSA 金鑰。
import "math/rand"
...
var mathRand = rand.New(rand.NewSource(1))
rsa.GenerateKey(mathRand, 2048)
此程式碼使用
rand.New() 函數為 RSA 金鑰產生隨機性。由於 rand.New() 是統計式 PRNG,所以攻擊者很容易就能猜到其所產生的值。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Standards Mapping - Common Weakness Enumeration CWE ID 338
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[4] Standards Mapping - FIPS200 MP
[5] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[9] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[10] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[11] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[12] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[13] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[14] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[15] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[25] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[29] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.golang.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
String GenerateReceiptURL(String baseUrl) {
Random ranGen = new Random();
ranGen.setSeed((new Date()).getTime());
return (baseUrl + ranGen.nextInt(400000000) + ".html");
}
此程式碼使用
Random.nextInt() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Random.nextInt() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] Java Cryptography Architecture Oracle
[2] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[3] MSC02-J. Generate strong random numbers CERT
[4] Standards Mapping - Common Weakness Enumeration CWE ID 338
[5] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[6] Standards Mapping - FIPS200 MP
[7] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[12] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[13] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[14] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[15] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[16] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[31] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.java.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
function genReceiptURL (baseURL){
var randNum = Math.random();
var receiptURL = baseURL + randNum + ".html";
return receiptURL;
}
此程式碼使用
Math.random() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Math.random() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Crypto | Node.js documentation The OpenJS Foundation and Node.js contributors
[3] Standards Mapping - Common Weakness Enumeration CWE ID 338
[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[5] Standards Mapping - FIPS200 MP
[6] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[10] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[11] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[12] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[13] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[14] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[15] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[30] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.structural.javascript.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
fun GenerateReceiptURL(baseUrl: String): String {
val ranGen = Random(Date().getTime())
return baseUrl + ranGen.nextInt(400000000).toString() + ".html"
}
此程式碼使用
Random.nextInt() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Random.nextInt() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密型 PRNG),那就會安全很多。References
[1] Java Cryptography Architecture Oracle
[2] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[3] MSC02-J. Generate strong random numbers CERT
[4] Standards Mapping - Common Weakness Enumeration CWE ID 338
[5] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[6] Standards Mapping - FIPS200 MP
[7] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[12] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[13] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[14] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[15] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[16] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[31] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.kotlin.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
function genReceiptURL($baseURL) {
$randNum = rand();
$receiptURL = $baseURL . $randNum . ".html";
return $receiptURL;
}
此程式碼使用
rand() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 rand() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Standards Mapping - Common Weakness Enumeration CWE ID 338
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[4] Standards Mapping - FIPS200 MP
[5] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[9] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[10] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[11] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[12] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[13] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[14] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[15] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[25] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[29] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.php.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性較高的環境中,將一個能夠產生可預測值的函數當作亂數來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
CREATE or REPLACE FUNCTION CREATE_RECEIPT_URL
RETURN VARCHAR2
AS
rnum VARCHAR2(48);
time TIMESTAMP;
url VARCHAR2(MAX_URL)
BEGIN
time := SYSTIMESTAMP;
DBMS_RANDOM.SEED(time);
rnum := DBMS_RANDOM.STRING('x', 48);
url := 'http://test.com/' || rnum || '.html';
RETURN url;
END
此程式碼使用
DBMS_RANDOM.SEED() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 DBMS_RANDOM.SEED() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器,那就會安全很多。References
[1] Oracle Database Security Guide
[2] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[3] Standards Mapping - Common Weakness Enumeration CWE ID 338
[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[5] Standards Mapping - FIPS200 MP
[6] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[10] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[11] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[12] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[13] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[14] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[15] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[30] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.sql.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
def genReceiptURL(self,baseURL):
randNum = random.random()
receiptURL = baseURL + randNum + ".html"
return receiptURL
此程式碼使用
rand() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 rand() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Standards Mapping - Common Weakness Enumeration CWE ID 338
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[4] Standards Mapping - FIPS200 MP
[5] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[9] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[10] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[11] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[12] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[13] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[14] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[15] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[25] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[29] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.python.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
def generateReceiptURL(baseUrl) {
randNum = rand(400000000)
return ("#{baseUrl}#{randNum}.html");
}
此程式碼使用
Kernel.rand() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Kernel.rand() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 338
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[3] Standards Mapping - FIPS200 MP
[4] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[6] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[7] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[8] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[9] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[10] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[11] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[12] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[13] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[14] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[15] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[24] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[25] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[27] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[28] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.structural.ruby.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
def GenerateReceiptURL(baseUrl : String) : String {
val ranGen = new scala.util.Random()
ranGen.setSeed((new Date()).getTime())
return (baseUrl + ranGen.nextInt(400000000) + ".html")
}
此程式碼使用
Random.nextInt() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Random.nextInt() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] Java Cryptography Architecture Oracle
[2] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[3] MSC02-J. Generate strong random numbers CERT
[4] Standards Mapping - Common Weakness Enumeration CWE ID 338
[5] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[6] Standards Mapping - FIPS200 MP
[7] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[8] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[12] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[13] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[14] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[15] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[16] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[31] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.scala.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計 PRNG 來建立隨機值,此值將用作重設密碼權杖。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計 PRNG 來建立隨機值,此值將用作重設密碼權杖。
sqlite3_randomness(10, &reset_token)
References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] Elaine Barker and John Kelsey NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators NIST
[3] Elaine Barker and John Kelsey NIST DRAFT Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation NIST
[4] Elaine Barker and John Kelsey DRAFT NIST Special Publication 800-90C: Recommendation for Random Bit Generator (RBG) Constructions NIST
[5] Standards Mapping - Common Weakness Enumeration CWE ID 338
[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[7] Standards Mapping - FIPS200 MP
[8] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[10] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[11] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[12] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[13] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[14] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[15] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[16] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[17] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[18] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[19] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[27] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[29] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[30] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[31] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[32] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[52] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[53] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.swift.insecure_randomness
Abstract
標準的虛擬亂數產生器也無法抵擋加密攻擊。
Explanation
在安全性要求較高的環境中,將一個能夠產生可預測值的函數當作隨機來源使用時,會產生 Insecure Randomness 錯誤。
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
此程式碼使用
電腦是一種決定性的機器,因此不可能產生真正的隨機性。虛擬亂數產生器 (PRNG, Pseudorandom Number Generator) 近似於隨機演算,會從一個可以計算後續值的種子開始。
PRNG 包括兩種類型:統計式和加密式。統計式 PRNG 可提供有用的統計內容,但是它們的輸出很容易預測,導致複製數值串流很容易。因此,對於因安全性由產生數值決定而導致其不可預測的環境,其並不適用。加密式 PRNG 則會藉由產生更難以預測的輸出來解決這個問題。若要對數值進行加密保護,必須使攻擊者無法或難以區別產生的隨機數值和真實的隨機數值。一般來說,如果沒有指出某個 PRNG 演算法經過加密保護,那麼它很可能是統計式 PRNG,不應在安全性要求較高的環境中使用,否則會引發嚴重弱點,例如易猜的臨時密碼、容易預測的加密金鑰、Session Hijacking 以及 DNS 欺騙。
範例 1:以下程式碼使用統計式 PRNG,為購買後仍在有效期內的收據建立 URL。
...
Function genReceiptURL(baseURL)
dim randNum
randNum = Rnd()
genReceiptURL = baseURL & randNum & ".html"
End Function
...
此程式碼使用
Rnd() 函數為其所產生的收據頁面產生「唯一」識別碼。由於 Rnd() 是統計式 PRNG,攻擊者很容易就能猜到其所產生的字串。雖然收據系統的基礎設計也存在錯誤,但是如果它使用一個不會產生可預測收據識別碼的亂數產生器 (例如加密式 PRNG),那就會安全很多。References
[1] J. Viega, G. McGraw Building Secure Software Addison-Wesley
[2] CryptoAPI: CryptGenRandom() Microsoft
[3] Standards Mapping - Common Weakness Enumeration CWE ID 338
[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[5] Standards Mapping - FIPS200 MP
[6] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 21.24
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-13 Cryptographic Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-13 Cryptographic Protection
[10] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.3.1 Authenticator Lifecycle Requirements (L1 L2 L3), 2.6.2 Look-up Secret Verifier Requirements (L2 L3), 3.2.2 Session Binding Requirements (L1 L2 L3), 3.2.4 Session Binding Requirements (L2 L3), 6.3.1 Random Values (L2 L3), 6.3.2 Random Values (L2 L3), 6.3.3 Random Values (L3)
[11] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[12] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[13] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[14] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[15] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[16] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[17] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.3 - Use of Cryptography
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.3 - Use of Cryptography, Control Objective B.2.4 - Terminal Software Design
[29] Standards Mapping - SANS Top 25 2009 Porous Defenses - CWE ID 330
[30] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.2 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.2 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.2 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.2 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.2 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.2 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.2 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
[51] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002010 CAT II, APSC-DV-002050 CAT II
desc.semantic.vb.insecure_randomness