GO-S1033 · Random number generator seed doesn't have enough entropy

Random number generator seed doesn't have enough entropy GO-S1033

Security

Major

2 months ago — a year old

a02 cwe-336 cwe-337 owasp top 10 cwe-331

Time based seeds have insufficient entropy

 805	buttons = noteData.Buttons
 806
 807	// Random data goes there
 808	rand.Seed(time.Now().Unix()) 809	rstrings := strings.Split(noteData.NoteContent, "%%%")
 810	if len(rstrings) == 1 {
 811		sent = rstrings[0]

Time based seeds have insufficient entropy

alita/utils/helpers/helpers.go

 724	buttons = tmpfilterData.Buttons
 725
 726	// Random data goes there
 727	rand.Seed(time.Now().Unix()) 728	rstrings := strings.Split(tmpfilterData.FilterReply, "%%%")
 729	if len(rstrings) == 1 {
 730		sent = rstrings[0]

Description

As math/rand uses a statistical random number generator, using a low entropy seed (such as constants and the current system time) may allow an attacker to predict what the following number generated is.

Bad practice

package main

import (
    "math/rand"
    "time"
)

func main() {
    rand.Seed(42)                // constant seeds are bad
    rand.Seed(time.Now().Unix()) // time based seeds don't have sufficient entropy
}

divideprojects / Alita_Robot

Bad practice

References