# Weak Random Generation ## Overview Applications use random values in many flows for security purposes, such as password recovery or session generation. However, not every value that seems random actually is. As a result, if an application relies on generators to produce values that can be predicted, then that application is vulnerable. ## When random values can be predicted? There are several conditions that may allow you to predict generated random values: * Insufficient length of generated values (this usually means the lenght < 16 bytes). * Short alphabet that is used for generation. * Using static values for generation. * Using values that can be easily guessed (for example, timestamp). * Using statistical random number generators whose output can be reproduced. Often, the fulfillment of one or more of the conditions above will result in the ability to predict generated values. ## Random generation ### Go Weak generation: * [math/rand](https://pkg.go.dev/math/rand) Crypto-strong generation: * [crypto/rand](https://pkg.go.dev/crypto/rand) ### Java Weak generation: * [java.util.Random](https://docs.oracle.com/javase/8/docs/api/java/util/Random.html) * [org.apache.commons.lang3.RandomStringUtils](https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/RandomStringUtils.html) Crypto-strong generation: * [java.security.SecureRandom](https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html) For a UNIX-like OS, the default strong generation algorithm is `NativePRNGBlocking`, which is based on `/dev/random`. As a result, `SecureRandom.getInstanceStrong()` will return a `SecureRandom` implementation that can block the current thread when the `generateSeed` or `nextBytes` methods is called. References: * [Everything about Java's SecureRandom](https://metebalci.com/blog/everything-about-javas-securerandom/) * [CRACKING THE ODD CASE OF RANDOMNESS IN JAVA](https://www.elttam.com/blog/cracking-randomness-in-java/) * [elttam/rsu-cracker - RandomStringUtils/nextInt Cracker](https://github.com/elttam/rsu-cracker) ### Node.js Weak generation: * [Math.random()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random) Crypto-strong generation: * [node:crypto](https://nodejs.org/api/crypto.html) ### Python Weak generation: * [random](https://docs.python.org/3/library/random.html) Crypto-strong generation: * [secrets](https://docs.python.org/3/library/secrets.html) ### Ruby Weak generation: * [Random](https://ruby-doc.org/core-2.4.0/Random.html) * [Kernel.rand](https://ruby-doc.org/core-2.4.0/Kernel.html#method-i-rand) Crypto-strong generation: * [SecureRandom](https://ruby-doc.org/stdlib-2.5.1/libdoc/securerandom/rdoc/SecureRandom.html) ## UUID/GUID Universally unique identifier (UUID) or globally unique identifier (GUID) is a 128-bit label used for information in computer systems. UUID/GUID has the following format: ``` 123e4567-e89b-12d3-a456-426614174000 ``` There are five versions of UUID/GUID versions defined in the [RFC4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.2.2): * **Version 0** Only seen in the nil UUID/GUID `00000000-0000-0000-0000-000000000000`. * **Version 1** The UUID/GUID is generated in a predictable manner based on: * The current time. * A randomly generated "clock sequence" which remains constant between UUIDs/GUIDs during the uptime of the generating system. * A "node ID", which is generated based on the system's MAC address if it is available. * **Version 3** The UUID/GUID is generated using an MD5 hash of a provided name and namespace. * **Version 4** The UUID/GUID is randomly generated. * **Version 5** The UUID/GUID is generated using a SHA1 hash of a provided name and namespace. You can find the UUID/GUID version number directly after the second hyphen. For example, the UUID/GUID shown above is a version 4. ``` bcd510ca-3357-48d7-8e3f-1206b9c09632 ^ ``` As you can see there is only version 4 which uses a random number generator to generate the values. Therefore, other versions can be potentially predicted. In the references you can find a link to a tool that allows generating UUID/GUID of version 1 based on a creation time and a UUID/GUID sample. References: * [Intruder - Cyber Security Research: In GUID We Trust](https://www.intruder.io/research/in-guid-we-trust) * [intruder-io/guidtool: A tool to inspect and attack version 1 GUIDs](https://github.com/intruder-io/guidtool) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://0xn3va.gitbook.io/cheat-sheets/web-application/weak-random-generation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.