Predictable cipher key
Encryption or decryption key is generated from a weak random number generator
Description
This defect occurs when you use a weak random number generator for the encryption or decryption key.
Risk
If you use a weak random number generator for the encryption or decryption key, an attacker can retrieve your key easily.
You use a key to encrypt and later decrypt your data. If a key is easily retrieved, data encrypted using that key is not secure.
Fix
Use a strong pseudo-random number generator (PRNG) for the key. For instance:
Use an OS-level PRNG such as
/dev/randomon UNIX® orCryptGenRandom()on Windows®Use an application-level PRNG such as Advanced Encryption Standard (AES) in Counter (CTR) mode, HMAC-SHA1, etc.
For a list of random number generators that are cryptographically
weak, see Vulnerable pseudo-random
number generator.
Examples
Result Information
| Group: Cryptography |
| Language: C | C++ |
| Default: Off |
Command-Line Syntax: CRYPTO_CIPHER_PREDICTABLE_KEY |
| Impact: Medium |
Version History
Introduced in R2017a
See Also
Topics
- Interpret Bug Finder Results in Polyspace Desktop User Interface
- Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access)
- Address Results in Polyspace User Interface Through Bug Fixes or Justifications
- Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access)
You can also select a web site from the following list
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)
Asia Pacific
- Australia (English)
- India (English)
- New Zealand (English)
- 中国
- 日本Japanese (日本語)
- 한국Korean (한국어)