科技回声

9 条评论

If you want cryptographic-quality random numbers, both Java and Javascript have them. Math.random() is simply a super-fast decent RNG.Example:<pre><code> var buf = new Uint32Array(10); window.crypto.getRandomValues(buf); console.log(buf); </code></pre> Outputs things like:<pre><code> [4027145128, 258543382, 1205615760, 2665675208, 4033127244, 2280027866, 3983484449, 510932333, 1911490534, 2609399642] </code></pre> This works in Chrome and FF.IE11 has Crypto.getRandomValues(...)Java has SecureRandom:<a href="http://docs.oracle.com/javase/6/docs/api/java/security/SecureRandom.html" rel="nofollow">http://docs.oracle.com/javase/6/docs/api/java/security/Secur...</a>

评论 #8254296 未加载

评论 #8254092 未加载

mnw21cam超过 10 年前

That is a nice not-so-subtle reminder. When a PRNG says it is insecure, it is insecure. When a PRNG says it is secure, it might be - get someone very clever to check it first.

phpnode超过 10 年前

nitpick, Firefox doesn't use Rhino, it uses SpiderMonkey which is C++.<a href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey" rel="nofollow">https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Sp...</a>

drinchev超过 10 年前

How dangerous this prediction can be? I can't stop thinking of java-backended real money, poorly written, gaming websites.

评论 #8254172 未加载

评论 #8253951 未加载

评论 #8254162 未加载

评论 #8253952 未加载

评论 #8253985 未加载

xxs超过 10 年前

Math.random() should be used only for tests. That's it. Performance sucks as it's shared. ThreadLocalRandom is a lot better if you need fast but not-quality random.And there is SecureRandom for security concerns.Last fun fact Math.random() and a Monte Carlo test introduced "CAS in Java" and all that followed with JSR 166.

mda超过 10 年前

Reminded me an interesting Java Random issue with small seeds and power of two intervals:<pre><code> for(int i = 0; i < 256; i++) { System.out.println(new Random(i).nextInt(8)); } </code></pre> It returns same number for all seeds.

lunixbochs超过 10 年前

I tested a similar attack against ApacheCommons' RandomStringUtil. Given a few bytes of output, I could recover the RNG state in 20 minutes on CPU.

jlebar超过 10 年前

As another commenter has said, Firefox doesn't use Rhino. Here's the relevant code in Firefox's JS engine.<a href="http://dxr.mozilla.org/mozilla-central/source/js/src/jsmath.cpp#765" rel="nofollow">http://dxr.mozilla.org/mozilla-central/source/js/src/jsmath....</a>

Peksa超过 10 年前

Hah, funny! I recently did the same to circumvent CSRF-protection based on java.util.Random. Here's my solver in JS: <a href="https://peks.as/experiments/random/" rel="nofollow">https://peks.as/experiments/random/</a>

9 条评论

imaginenore超过 10 年前

评论 #8254296 未加载

评论 #8254092 未加载

mnw21cam超过 10 年前

That is a nice not-so-subtle reminder. When a PRNG says it is insecure, it is insecure. When a PRNG says it is secure, it might be - get someone very clever to check it first.

phpnode超过 10 年前

drinchev超过 10 年前

How dangerous this prediction can be? I can't stop thinking of java-backended real money, poorly written, gaming websites.

评论 #8254172 未加载

评论 #8253951 未加载

评论 #8254162 未加载

评论 #8253952 未加载

评论 #8253985 未加载

xxs超过 10 年前

mda超过 10 年前

lunixbochs超过 10 年前

I tested a similar attack against ApacheCommons' RandomStringUtil. Given a few bytes of output, I could recover the RNG state in 20 minutes on CPU.

jlebar超过 10 年前

Peksa超过 10 年前

Predicting the next Math.random() in Java

9 条评论

Predicting the next Math.random() in Java

9 条评论