Author's title should be "Cracking PSEUDO-random number generators" - We should all basically assume that any PRNG will be easily cracked like this and not use them for anything important to security!<p>Always use a cryptographic RNG for important code!
The article is a serious waste of time.<p>It can be summarized as "Non-cryptographic PRNGs can be predicted! Look, I cracked this one! I'm not going to tell you how I did it though."<p>There's no exposition describing non-cryptographic PRNGs, nor any evidence given for why they're not sound beyond the author's assertion that he cracked one.<p>To be clear, non-cryptographic PRNGs <i>are</i> often predictable, and <i>shouldn't</i> be used if that's a problem, but if you're interested in learning more about that, this article isn't going to help you much.<p>Skip the read.
Hey, author of the SMT attack here. There is probably a clever way to go after XorShift128+ as well; symbolic execution using an SMT solver is basically a brute-force solution.<p>I'll have to give this challenge a shot later.
As someone who first learned how to program by implementing PRNGs but never really dug deeper into it, I found this post very interesting to read. I do have an idea about some (small portion) of the things behind it, but I have no background in cryptography.<p>Looking at the other posts, it seems like most PRNGs are fine for non-cryptographic applications, but what are other ways to make PRNGs though? Everything I've learned (mostly simple stuff; Linear Congruential, Midsquare, etc.) seems to need to store a state to work, because otherwise, wouldn't you just output the same thing over and over again? I know there's stuff like /dev/random (though I'm unsure how that works), but that doesn't seem like a good idea for getting a lot of numbers.
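Added example, not part of the thread or the linked article: for the Linear Congruential generators mentioned in the comment above, a run of consecutive raw outputs is enough to recover the multiplier, increment and modulus and to predict what comes next, which is why security-relevant code should draw from the OS CSPRNG instead. The parameters, seed and function names are constructed for illustration.

```python
import secrets
from functools import reduce
from itertools import islice
from math import gcd

def lcg(seed, a, c, m):
    """Linear congruential generator: each output is the entire internal state."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def recover_params(outputs):
    """Recover (a, c, m) from consecutive raw LCG outputs alone."""
    # Differences t_n = x_{n+1} - x_n obey t_{n+1} = a * t_n (mod m), so every
    # t_{n+2} * t_n - t_{n+1}^2 is a multiple of m; their gcd is m with
    # overwhelming probability once enough outputs are used.
    t = [y - x for x, y in zip(outputs, outputs[1:])]
    m = reduce(gcd, (t[i + 2] * t[i] - t[i + 1] ** 2 for i in range(len(t) - 2)))
    for x0, x1, x2 in zip(outputs, outputs[1:], outputs[2:]):
        d = (x1 - x0) % m
        if gcd(d, m) == 1:  # need an invertible difference to solve for a
            a = (x2 - x1) * pow(d, -1, m) % m
            return a, (x1 - a * x0) % m, m
    raise ValueError("no invertible difference; observe more outputs")

def demo():
    # Constructed parameters and seed, unknown to the observer.
    secret = dict(seed=20240229, a=48271, c=12345, m=2**31 - 1)
    stream = lcg(**secret)
    observed = list(islice(stream, 24))      # what an observer sees
    actual_next = list(islice(stream, 5))    # what the generator emits next
    a, c, m = recover_params(observed)
    clone = lcg(observed[-1], a, c, m)       # last output == current state
    predicted = list(islice(clone, 5))
    return (a, c, m), predicted, actual_next

def unpredictable_value(m):
    """What security-relevant code should call instead: the OS CSPRNG."""
    return secrets.randbelow(m)

if __name__ == "__main__":
    params, predicted, actual = demo()
    print("recovered (a, c, m):", params)
    print("prediction matches:", predicted == actual)
```

Generators that truncate or mix their output before returning it need more work than this, but the stored state is still the only secret.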
This problem can be solved using Z3: <a href="https://gist.github.com/zb3/c59cf596ce80c501db5ca16c31a1c3a7" rel="nofollow">https://gist.github.com/zb3/c59cf596ce80c501db5ca16c31a1c3a7</a><p>I don't know whether the author used a solver or some other magic method... Solutions should be available to those who want to see them.