Insecure Randomness

ID

php.insecure_randomness

Severity

high

Resource

Predictability

Language

PHP

Tags

CWE:330, CWE:332, CWE:336, CWE:337, CWE:338, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3

Description

Use of cryptographically weak pseudo-random number generator (PRNG).

Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.

Computers are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated.

There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is predictable and forms an easy-to-reproduce numeric stream, which makes them unsuitable wherever security depends on generated values being unpredictable.

Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be highly improbable for an attacker to distinguish between it and a truly random value. In general, if a PRNG algorithm is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts, where its use can lead to serious vulnerabilities such as easy-to-guess temporary passwords, predictable cryptographic keys, session hijacking, and DNS spoofing.

Rationale

Randomness is often utilized in software applications for generating keys, tokens, session identifiers, and more. However, not all random number generators are suitable for security-sensitive tasks.

In PHP, functions such as rand() and mt_rand() generate pseudo-random numbers that are not cryptographically secure. These functions are based on deterministic algorithms, and their output can be predicted once enough outputs have been observed.

The random_int() and random_bytes() functions, introduced in PHP 7, provide a more secure alternative for generating random numbers suitable for security purposes. These functions leverage any available secure sources of randomness provided by the operating system.

Example of insecure randomness:

<?php
// Insecure usage of mt_rand
$sessionToken = mt_rand(100000, 999999);
echo "Session Token: $sessionToken";
?>

Remediation

To remediate issues related to insecure randomness in PHP:

  1. Identify Insecure Functions: Replace all instances of rand(), mt_rand(), uniqid(), or other insecure randomness functions with secure alternatives such as random_int() and random_bytes().

  2. Use Cryptographically Secure Functions: Ensure that all random numbers used for security purposes (e.g., tokens, keys, nonces) are generated using cryptographically secure functions.

    • random_int() is ideal for generating integers.

    • random_bytes() can be used for generating random byte strings.

  3. Audit Code Regularly: Regularly review code for the use of insecure randomness functions, especially in sections dealing with authentication, authorization, and sensitive data generation.

  4. Security Training: Educate developers on the importance of secure randomness and the appropriate use of cryptographically strong functions in PHP.

By following these guidelines, the application will be protected against vulnerabilities that arise from predictable random number generation.
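
The replacement described in steps 1 and 2, shown next to the weak pattern from the earlier example. This is an added illustration, not code from the rule's own documentation; the function names weakToken(), secureToken() and secureNumericCode() and the seed value are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Weak: mt_rand() is a deterministic stream, so a known or guessed seed
// reproduces the "token" exactly. The seed is passed in only to show this.
function weakToken(int $seed): int
{
    mt_srand($seed);
    return mt_rand(100000, 999999);
}

// Hardened: bytes from the operating system CSPRNG, hex-encoded so the
// value is safe to place in a cookie or URL. 32 bytes = 256 bits.
function secureToken(int $bytes = 32): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('Use at least 128 bits for security tokens');
    }
    // random_bytes() throws when no secure source is available. Let that
    // propagate (fail closed) rather than falling back to rand(),
    // mt_rand() or uniqid().
    return bin2hex(random_bytes($bytes));
}

// Hardened numeric code (for example a one-time PIN): random_int() gives a
// uniform value in the range, and str_pad() keeps leading zeros.
function secureNumericCode(int $digits = 6): string
{
    if ($digits < 1 || $digits > 9) {
        throw new InvalidArgumentException('digits must be between 1 and 9');
    }
    $max = (10 ** $digits) - 1;
    return str_pad((string) random_int(0, $max), $digits, '0', STR_PAD_LEFT);
}

// Constructed demonstration; the seed 1234 is arbitrary.
// Two calls with the same seed are compared: the weak value repeats.
var_dump(weakToken(1234) === weakToken(1234));

// Two independent CSPRNG tokens are compared, then one is printed.
$token = secureToken();
var_dump(hash_equals($token, secureToken()));
echo $token, PHP_EOL;
echo secureNumericCode(), PHP_EOL;
```

A six-digit code has only one million possible values regardless of the generator, so secureNumericCode() suits short-lived, rate-limited codes, while session identifiers should use secureToken().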

Configuration

The rule has the following configurable parameters:

  • checkSecurityContext, which indicates whether the detector should raise issues that are not located under a security context. When this is set to false, the issues not located under a security context will still be reported, but with INFO severity.

  • securityContextPattern, the pattern used to match the code units (like functions) that are related to a security context.

References

  • CWE-338 : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

  • CWE-330 : Use of Insufficiently Random Values

  • CWE-332 : Insufficient Entropy in PRNG

  • CWE-336 : Same Seed in Pseudo-Random Number Generator (PRNG)

  • CWE-337 : Predictable Seed in Pseudo-Random Number Generator (PRNG)

  • OWASP - Top 10 2021 - A2 : Cryptographic Failures