Weird to see this show up on HN - I was just looking at this page a couple of days ago.<p>I have a little puzzle I've been trying to solve in my spare time; maybe someone here can point me in the right direction.<p>The puzzle is: given a float from Math.random(), suppose you know only whether it is greater than 0.5 (i.e. you only see the result of a coin flip which depends on Math.random()). What is a practical method to reverse out the state of the xorshift+ generator, given multiple such successive observations of the output?<p>Any input appreciated!
<i>“the 2⁵² numbers between 0 and 1 that double precision floating point can represent”</i><p>It's a bit of a nitpick, but I believe there are 1023×2⁵² such numbers, which is quite a bit more. There are 2⁵² double precision floats in just [0.5;1)!
In Java there's just Math.random(), and it's been broken, with WONTFIX, since 1998.<p>Java's random number generator returns exceptionally non-random values, but Sun, er, Oracle, won't fix it because of the most insane of reasons: unlike in any reasonable language, Java's PRNG essentially has a contract to be <i>deterministic</i>. There's seemingly a worry that someone, somewhere, is actually relying on java.util.Random to always produce the same random number sequence for a given seed from Java version to version.
<i>Make no mistake however: even though xorshift128+ is a huge improvement over MWC1616, it still is not cryptographically secure. For use cases such as hashing, signature generation, and encryption/decryption, ordinary PRNGs are unsuitable. The Web Cryptography API introduces window.crypto.getRandomValues, a method that returns cryptographically secure random values, at a performance cost.</i><p>If the 256 bit private key of the encryption is derived from a large character set (A-Z, 1-9, etc.), it does not matter if the RNG is not perfect. I am assuming it's not an online channel.<p>This is explained in more detail here <a href="https://www.reddit.com/r/cryptography/comments/fw2cdu/can_you_retrieve_aes_key_that_was_generated_using/" rel="nofollow noreferrer">https://www.reddit.com/r/cryptography/comments/fw2cdu/can_yo...</a>
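The following is an added worked example, not code from the linked post or from any commenter, for the puzzle in the first comment (recovering the xorshift128+ state from a series of "was Math.random() above 0.5?" coin flips). It also makes concrete the warning quoted in the last comment that xorshift128+ is not cryptographically secure. It assumes the 23/17/26 xorshift128+ step from the linked post, a V8-style conversion in which the double is built from the top 52 bits of state0 alone (so "value >= 0.5" is exactly bit 63 of state0; ">=" rather than ">" differs only at the single value 0.5), and that flips are observed in plain generation order (V8's batching of generated values is ignored here). Because the state update uses only XOR and shifts, each observed bit is a linear function over GF(2) of the 128 unknown initial state bits, so about 128 flips determine the state; the seed below is constructed for the demo. Runs under Node (BigInt).

```javascript
// Added example: recover the xorshift128+ state from "Math.random() >= 0.5" flips.
// Assumptions (see lead-in): 23/17/26 step as in the post; double built from the
// top 52 bits of state0 (V8-style ToDouble); flips observed in generation order.
const MASK64 = (1n << 64n) - 1n;

// One xorshift128+ state step on [state0, state1] held as 64-bit BigInts.
function step([s0, s1]) {
  let a = s0;                       // old state0
  const b = s1;                     // old state1
  a ^= (a << 23n) & MASK64;
  a ^= a >> 17n;
  a ^= b;
  a ^= b >> 26n;
  return [b, a];                    // new state0 = old state1, new state1 = a
}

// Assumed conversion: top 52 bits of state0 become the mantissa of a double in
// [1, 2), then 1.0 is subtracted, giving a value in [0, 1).
const view = new DataView(new ArrayBuffer(8));
function toDouble(state0) {
  view.setBigUint64(0, (state0 >> 12n) | 0x3FF0000000000000n);
  return view.getFloat64(0) - 1;
}

// The attacker's view: one coin flip per call (equal to bit 63 of state0).
function coinFlips(state, n) {
  const flips = [];
  for (let k = 0; k < n; k++) {
    state = step(state);
    flips.push(toDouble(state[0]) >= 0.5);
  }
  return flips;
}

// Symbolic words: 64 BigInt masks (LSB first). Bit k of a mask set means initial
// unknown u_k (bits 0-63: state0, bits 64-127: state1) is XORed into that bit.
const symShl = (w, n) => [...Array(n).fill(0n), ...w.slice(0, 64 - n)];
const symShr = (w, n) => [...w.slice(n), ...Array(n).fill(0n)];
const symXor = (x, y) => x.map((m, i) => m ^ y[i]);

// The same step as above, applied to symbolic words instead of concrete values.
function symStep([w0, w1]) {
  let a = w0;
  const b = w1;
  a = symXor(a, symShl(a, 23));
  a = symXor(a, symShr(a, 17));
  a = symXor(a, b);
  a = symXor(a, symShr(b, 26));
  return [b, a];
}

const parity = (x) => BigInt((x.toString(2).split('1').length - 1) & 1);

// Gaussian elimination over GF(2). rows: [mask, rhs], rhs in {0n, 1n}.
// Returns the nvars-bit solution as a BigInt, or null if underdetermined.
function solveGF2(rows, nvars) {
  const pivots = new Map();         // leading bit -> [mask, rhs]
  for (let [mask, rhs] of rows) {
    while (mask !== 0n) {
      const hi = mask.toString(2).length - 1;
      const p = pivots.get(hi);
      if (!p) { pivots.set(hi, [mask, rhs]); break; }
      mask ^= p[0];
      rhs ^= p[1];
    }
    if (mask === 0n && rhs !== 0n) throw new Error('inconsistent observations');
  }
  if (pivots.size < nvars) return null;
  let sol = 0n;
  for (const hi of [...pivots.keys()].sort((x, y) => x - y)) {
    const [mask, rhs] = pivots.get(hi);
    const lower = mask & ~(1n << BigInt(hi));      // already solved unknowns
    if ((rhs ^ parity(lower & sol)) === 1n) sol |= 1n << BigInt(hi);
  }
  return sol;
}

// Rebuild [state0, state1] from the observed flips alone.
function recoverState(flips) {
  let sym = [Array.from({ length: 64 }, (_, i) => 1n << BigInt(i)),
             Array.from({ length: 64 }, (_, i) => 1n << BigInt(64 + i))];
  const rows = [];
  for (const f of flips) {
    sym = symStep(sym);
    rows.push([sym[0][63], f ? 1n : 0n]);   // observed bit = bit 63 of state0
  }
  const sol = solveGF2(rows, 128);
  return sol === null ? null : [sol & MASK64, sol >> 64n];
}

// Demo with a constructed (non-zero) secret seed; 160 flips, 128 are needed.
const secret = [0x123456789abcdef0n, 0x0fedcba987654321n];
const recovered = recoverState(coinFlips(secret, 160));
console.log(recovered.map((x) => x.toString(16)),
  'matches:', recovered[0] === secret[0] && recovered[1] === secret[1]);
```

Once the state is back, stepping it forward predicts every later flip (and every later full double), which is the practical content of "not cryptographically secure". The solver throws if the flips are inconsistent with the assumed generator, which is the first thing you would see if the ordering or conversion assumptions above do not match the engine you are actually observing.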