Use of Cryptographically Weak Pseudo-Random Number Generator SHA1PRNG

JAV004

weak_prng

CWE-338

⚠️ Warning

---

This rule identifies instances where the Java SecureRandom class is instantiated with the SHA1PRNG algorithm. While SHA1PRNG has been widely used, it is considered less secure and potentially vulnerable compared to newer algorithms available. The use of stronger algorithms is recommended to ensure the cryptographic strength of random numbers.

The SHA1PRNG algorithm for SecureRandom may not provide a sufficiently strong level of randomness for security-sensitive applications. SHA-1 has been found to be weaker against collision attacks, and while SHA1PRNG is not directly equivalent to SHA-1, its association and the lack of transparency in its implementation across different Java platforms raise concerns about its suitability and security. Modern cryptographic applications require stronger guarantees of randomness to prevent attacks.

Example

import java.security.*;

public class WeakRNG {
    public static void main(String[] args) {
        try {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            System.err.println("SHA1PRNG random algorithm not available.");
        }
    }
}

Remediation

It is recommended to use SecureRandom without specifying an algorithm, allowing the Java runtime to select the strongest available algorithm, or explicitly specify a more secure algorithm like NativePRNG or DRBG where available and appropriate for the application's requirements. This ensures the use of secure and up-to-date algorithms for random number generation.

import java.security.*;

public class StrongRNG {
    public static void main(String[] args) {
        SecureRandom sr = new SecureRandom();
    }
}

False Positives

In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (JAV004) or rule category name (weak_prng).

Using rule ID

fix

import java.security.*;

public class WeakRNG {
    public static void main(String[] args) {
        try {
            // suppress: JAV004
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            System.err.println("SHA1PRNG random algorithm not available.");
        }
    }
}

Using category name

fix

import java.security.*;

public class WeakRNG {
    public static void main(String[] args) {
        try {
            // suppress: weak_prng
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            System.err.println("SHA1PRNG random algorithm not available.");
        }
    }
}

See also

info

• SecureRandom (Java SE & JDK)
• CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
• Recommendations for Random Number Generation Using Deterministic Random Bit Generators (NIST SP 800-90A)
• Weak Random
• Android Developers Blog Security Crypto provider deprecated in Android N ::