Main Content

CERT C++: MSC32-C

Properly seed pseudorandom number generators

Description

Rule Definition

Properly seed pseudorandom number generators.1

Polyspace Implementation

The rule checker checks for these issues:

  • Deterministic random output from constant seed.

  • Predictable random output from predictable seed.

Examples

expand all

Issue

Deterministic random output from constant seed detects random standard functions that when given a constant seed, have deterministic output.

Risk

When some random functions, such as srand, srandom, and initstate, have constant seeds, the results produce the same output every time that your program is run. A hacker can disrupt your program if they know how your program behaves.

Fix

Use a different random standard function or use a nonconstant seed.

Some standard random routines are inherently cryptographically weak, and should not be used for security purposes.

Example - Random Number Generator Initialization
#include <stdlib.h>

void random_num(void)
{
    srand(12345U); //Noncompliant
    /* ... */
}

This example initializes a random number generator using srand with a constant seed. The random number generation is deterministic, making this function cryptographically weak.

Correction — Use Different Random Number Generator

One possible correction is to use a random number generator that does not require a seed. This example uses rand_s.


#define _CRT_RAND_S
#include <stdlib.h>
#include <stdio.h>

unsigned int random_num_time(void)
{

    unsigned int number;
    errno_t err;
    err = rand_s(&number);

    if(err != 0)
    {
        return number;
    }
    else
    {
        return err;
    }
}
Issue

Predictable random output from predictable seed looks for random standard functions that use a nonconstant but predictable seed. Examples of predictable seed generators are time, gettimeofday, and getpid.

Risk

When you use predictable seed values for random number generation, your random numbers are also predictable. A hacker can disrupt your program if they know how your program behaves.

Fix

You can use a different function to generate less predictable seeds.

You can also use a different random number generator that does not require a seed. For example, the Windows® API function rand_s seeds itself by default. It uses information from the entire system, for example, system time, thread ids, system counter, and memory clusters. This information is more random and a user cannot access this information.

Some standard random routines are inherently cryptographically weak, and should not be used for security purposes.

Example - Seed as an Argument
#include <stdlib.h>
#include <time.h>

void seed_rng(int seed)
{
    srand(seed); //Noncompliant
}

int generate_num(void)
{
    seed_rng(time(NULL) + 3);
    /* ... */
}

This example uses srand to start the random number generator with seed as the seed. However, seed is predictable because the function time generates it. So, an attacker can predict the random numbers generated by srand.

Correction — Use Different Random Number Generator

One possible correction is to use a random number generator that does not require a seed. This example uses rand_s.


#define _CRT_RAND_S

#include <stdlib.h>
#include <stdio.h>
#include <errno.h>

int generate_num(void)
{
    unsigned int number;
    errno_t err;
    err = rand_s(&number);

    if(err != 0)
    {
        return number;
    }
    else
    {
        return err;
    }
}

Check Information

Group: 49. Miscellaneous (MSC)

Version History

Introduced in R2019a


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.