TechEcho

9 comments

imaginenoreover 10 years ago

If you want cryptographic-quality random numbers, both Java and Javascript have them. Math.random() is simply a super-fast decent RNG.Example:<pre><code> var buf = new Uint32Array(10); window.crypto.getRandomValues(buf); console.log(buf); </code></pre> Outputs things like:<pre><code> [4027145128, 258543382, 1205615760, 2665675208, 4033127244, 2280027866, 3983484449, 510932333, 1911490534, 2609399642] </code></pre> This works in Chrome and FF.IE11 has Crypto.getRandomValues(...)Java has SecureRandom:<a href="http://docs.oracle.com/javase/6/docs/api/java/security/SecureRandom.html" rel="nofollow">http://docs.oracle.com/javase/6/docs/api/java/security/Secur...</a>

评论 #8254296 未加载

评论 #8254092 未加载

mnw21camover 10 years ago

That is a nice not-so-subtle reminder. When a PRNG says it is insecure, it is insecure. When a PRNG says it is secure, it might be - get someone very clever to check it first.

phpnodeover 10 years ago

nitpick, Firefox doesn't use Rhino, it uses SpiderMonkey which is C++.<a href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey" rel="nofollow">https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Sp...</a>

drinchevover 10 years ago

How dangerous this prediction can be? I can't stop thinking of java-backended real money, poorly written, gaming websites.

评论 #8254172 未加载

评论 #8253951 未加载

评论 #8254162 未加载

评论 #8253952 未加载

评论 #8253985 未加载

xxsover 10 years ago

Math.random() should be used only for tests. That's it. Performance sucks as it's shared. ThreadLocalRandom is a lot better if you need fast but not-quality random.And there is SecureRandom for security concerns.Last fun fact Math.random() and a Monte Carlo test introduced "CAS in Java" and all that followed with JSR 166.

mdaover 10 years ago

Reminded me an interesting Java Random issue with small seeds and power of two intervals:<pre><code> for(int i = 0; i < 256; i++) { System.out.println(new Random(i).nextInt(8)); } </code></pre> It returns same number for all seeds.

lunixbochsover 10 years ago

I tested a similar attack against ApacheCommons' RandomStringUtil. Given a few bytes of output, I could recover the RNG state in 20 minutes on CPU.

jlebarover 10 years ago

As another commenter has said, Firefox doesn't use Rhino. Here's the relevant code in Firefox's JS engine.<a href="http://dxr.mozilla.org/mozilla-central/source/js/src/jsmath.cpp#765" rel="nofollow">http://dxr.mozilla.org/mozilla-central/source/js/src/jsmath....</a>

Peksaover 10 years ago

Hah, funny! I recently did the same to circumvent CSRF-protection based on java.util.Random. Here's my solver in JS: <a href="https://peks.as/experiments/random/" rel="nofollow">https://peks.as/experiments/random/</a>

9 comments

imaginenoreover 10 years ago

评论 #8254296 未加载

评论 #8254092 未加载

mnw21camover 10 years ago

That is a nice not-so-subtle reminder. When a PRNG says it is insecure, it is insecure. When a PRNG says it is secure, it might be - get someone very clever to check it first.

phpnodeover 10 years ago

drinchevover 10 years ago

How dangerous this prediction can be? I can't stop thinking of java-backended real money, poorly written, gaming websites.

评论 #8254172 未加载

评论 #8253951 未加载

评论 #8254162 未加载

评论 #8253952 未加载

评论 #8253985 未加载

xxsover 10 years ago

mdaover 10 years ago

lunixbochsover 10 years ago

I tested a similar attack against ApacheCommons' RandomStringUtil. Given a few bytes of output, I could recover the RNG state in 20 minutes on CPU.

jlebarover 10 years ago

Peksaover 10 years ago

Predicting the next Math.random() in Java

9 comments

Predicting the next Math.random() in Java

9 comments