Hejto.pl
Dodaj post

Wpisz coś do wyszukania (minimum 2 znaki)

Wpis użytkownika Deykun w Javascript

Lider

w Javascript

5piorunów
If an attacker observes two or three consecutive outputs of Math.random(), they can reverse-engineer the internal state of the generator and predict all future (and past) values with 100% accuracy. This has been demonstrated in multiple research projects and open-source tools.

https://www.reddit.com/r/AskProgramming/comments/1qt1n0i/comment/o2ziocg/
Despite its quality, xorshift128+ is not cryptographically secure. For security-sensitive applications, use crypto.getRandomValues() instead

https://www.reddit.com/r/AskProgramming/comments/1qt1n0i/comment/o2ziocg/

W sumie wiadomo, że to pseudolosowe, ale 2-3 outputy żeby wyliczyć seed to trochę mało.

Komentarze (2)

GURU0piorunów

@Deykun 2-3 to ciężko sekwencją nazwać, żeby z tego coś sensownego wyciągnąć

If an attacker observes two or three consecutive outputs of Math.random(), they can reverse-engineer the internal state - Deykun - Hejto.pl (demo semantyczne)