Update docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md
Signed-off-by: myteron <[email protected]>
myteron authored Dec 12, 2024
1 parent 16daa7f commit 4b60055
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -7,7 +7,7 @@ Certain algorithms can create sequences of numbers that approximate random distr
PRNGs suitable for encryption must mix non-computational sources such as a mouse, keyboard, or even Lava Lamps [LavaRnd] to be random enough for encryption.

Python's random module is a standard library module that provides functions to generate pseudorandom numbers for various distributions. This module can lead to a vulnerability due to its predictability. The random module is based on the Mersenne Twister `MT19937`
[MATSUMOTO, NISHIMURA 1998] (https://dl.acm.org/doi/pdf/10.1145/272991.272995), which is a deterministic algorithm, that, given a particular input, will always produce the same output [Wikipedia 2024](https://en.wikipedia.org/wiki/Deterministic_algorithm). An attacker knowing or can guessing the seed value can predict the entire sequence of the pseudorandom numbers. This also means that if two Random class objects are created using an identical seed, they will generate the same sequence of numbers, regardless of the Python environment.
[[MATSUMOTO, NISHIMURA 1998](https://dl.acm.org/doi/pdf/10.1145/272991.272995)], which is a deterministic algorithm, that, given a particular input, will always produce the same output [[Wikipedia 2024](https://en.wikipedia.org/wiki/Deterministic_algorithm)]. An attacker knowing or can guessing the seed value can predict the entire sequence of the pseudorandom numbers. This also means that if two Random class objects are created using an identical seed, they will generate the same sequence of numbers, regardless of the Python environment.

Therefore, the random module is unsuitable for applications requiring high security as it does not incorporate cryptographic randomness, which means it is not resistant to reverse engineering. Its limited entropy makes it easier for attackers to deduce the internal state of the generator and predict future outputs.
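
Review bot: the changed line still carries the ungrammatical "An attacker knowing or can guessing the seed value" after the citation fix. Since this line is already being touched, reword it to "An attacker who knows or can guess the seed value can predict the entire sequence of pseudorandom numbers." The citation also begins on its own line directly after `MT19937`, so it is worth confirming that the rendered paragraph joins the two lines with a space rather than breaking before the bracket. The new double-bracket form for the two citations does match the existing [LavaRnd] style in the context line above, which is good.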
