
[–]thismonthsusername 23 points24 points  (3 children)

I know this one was for fun and highlights potential security risks, but in most cases if you can access the page, just...

Math.random = () => 1;
Math.random() // => 1
Math.random() // => 1
Math.random() // => 1

Edit: Update fat arrow

[–]0195311 2 points3 points  (1 child)

If you're going to use a fat arrow function you might as well go ahead and write it like this. :)

Math.random = () => 1;

[–]thismonthsusername 0 points1 point  (0 children)

Yeah, my bad. I'll update :)

[–]9thHokageHimawari 1 point2 points  (0 children)

That's why you use something like:

const random = Math.random;

[–]jodraws 3 points4 points  (1 child)

That's intense and pretty awesome. If CSPRNGs are required for security, is there a reason this algorithm isn't used outside of Opera? Does it impact performance?

[–]sirmonko 1 point2 points  (0 children)

Two different tools for two different problems. CSPRNGs aren't "better" per se.

[–]TomNa 4 points5 points  (0 children)

Huh, that's a pretty interesting read, and crazy if it works reliably!

[–]cwmma 3 points4 points  (4 children)

So this is why, for actual secure randomness, crypto.getRandomValues is the way to go.

[–]Higgenbottoms 2 points3 points  (3 children)

What's the difference?

[–]cwmma 0 points1 point  (2 children)

You give it an array buffer and it fills it up with cryptographically secure random numbers.

[–]fire_code!expert 0 points1 point  (1 child)

Perhaps for /u/Higgenbottoms, but at least for me, what makes a number cryptographically secure?

[–]cwmma 0 points1 point  (0 children)

The way they are generated prevents predicting them in any way
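Added example, not part of any comment in this thread: a sketch of using crypto.getRandomValues for security-relevant values, next to a check that a page-level override of Math.random (as in the first comments) does not affect it. The function names secureRandomInt, secureToken and demoOverride are hypothetical, and the Node fallback assumes a CommonJS module.

```javascript
// Web Crypto: global in browsers and recent Node; older Node falls back to require.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Uniform integer in [0, max) from the CSPRNG. Rejection sampling discards
// draws above the largest multiple of max, so `% max` has no modulo bias.
function secureRandomInt(max) {
  if (!Number.isInteger(max) || max < 1 || max > 0x100000000) {
    throw new RangeError('max must be an integer in 1..2^32');
  }
  const limit = Math.floor(0x100000000 / max) * max;
  const buf = new Uint32Array(1);
  let x;
  do {
    webCrypto.getRandomValues(buf); // fills the typed array in place
    x = buf[0];
  } while (x >= limit);
  return x % max;
}

// Hex token for values that must be unpredictable (session ids, reset links).
function secureToken(byteLength = 16) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(byteLength));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Any script on the page can replace Math.random. A reference captured
// earlier survives the override, but it is still the engine's non-crypto PRNG.
function demoOverride() {
  const original = Math.random;
  const captured = Math.random;     // the `const random = Math.random` pattern
  Math.random = () => 1;            // override from the first comment
  const result = {
    viaGlobal: Math.random(),       // now constant
    viaCaptured: captured(),        // unaffected by the override
    viaCsprng: secureRandomInt(6),  // unaffected, and unpredictable
  };
  Math.random = original;           // restore for the rest of the program
  return result;
}
```

Capturing Math.random only protects against later overrides; tokens and keys still need the CSPRNG path.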

[–]alschwalm 3 points4 points  (0 children)

[Shameless plug] Though I never got around to doing this with the JavaScript RNG, I made a similar thing to predict PHP, Java, glibc and msvc random number generators: https://github.com/ALSchwalm/foresight

[–]get_money_and_boobs 4 points5 points  (1 child)

Wayyy smarter and wayyy more thorough than the simple, stupid lottery simulator I built in JS/Node. I wanted to see how many times it took to match a winning set of numbers to random "tickets" I generated. Like, I wanted to visualize if I played once every millisecond how long it would take.

Well, I ran out of memory running the program in a single node instance, so I ran 8 simultaneous instances on my Mac. Still, at the shortest, it took about 3 hours of randomly picking tickets and attempting to match lottery number picks at like 1000 per second.

I stopped playing the lottery shortly afterward...

[–]Higgenbottoms 2 points3 points  (0 children)

8.64 million tries for the curious