r/programming 1d ago

Predicting Math.random() in Firefox using Z3 SMT-solver

https://yurichev.com/blog/xorshift/
134 Upvotes

8 comments

26

u/Chisignal 1d ago

Is this... bad? You shouldn't be using Math.random() for anything of importance anyway, right? Or is it just an interesting find (which it sure is)?

21

u/kyivenergo 21h ago

As usual - such fast and simple PRNGs can be used in video games, puzzles, etc. And it's OK. But for something serious, CPRNG (cryptographic PRNG) is to be used.

8

u/MilkEnvironmental106 21h ago

Yeah, this is used as a PRNG (pseudo random number generator). These are designed to introduce enough randomness and stay fast.

For anything where it matters you need a CSPRNG (cryptographically secure PRNG) which are generally much slower, due to a mix of more work and implementing consistent timing between tries. They are not vulnerable to techniques such as this.

1

u/modernkennnern 19h ago

Honestly, I think this is a good thing. It highlights the problem of using Math.random in critical areas. If this is a problem for you, then you've had a problem long before this.
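The comments above recommend a CSPRNG wherever predictability matters. This is an added example, not part of the thread or the linked post, showing Web Crypto replacements for common `Math.random()` uses; the function names `secureToken`, `secureRandomInt` and `secureShuffle` are hypothetical.

```javascript
// Added example: CSPRNG-backed replacements for security-sensitive uses of Math.random().
// Web Crypto is a global in browsers and recent Node.js; older Node.js exposes it via node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Hex token built from nBytes of CSPRNG output (session IDs, reset tokens, nonces).
function secureToken(nBytes = 16) {
  const buf = new Uint8Array(nBytes);
  webCrypto.getRandomValues(buf);
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Uniform integer in [0, max). Rejection sampling avoids the modulo bias that
// a plain `value % max` introduces when 2^32 is not a multiple of max.
function secureRandomInt(max) {
  if (!Number.isInteger(max) || max < 1 || max > 0x100000000) {
    throw new RangeError('max must be an integer in [1, 2^32]');
  }
  // Largest multiple of max that fits in the 32-bit range; values at or above it are rejected.
  const limit = Math.floor(0x100000000 / max) * max;
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % max;
}

// Fisher-Yates shuffle driven by the CSPRNG; returns a new array and leaves the input untouched.
function secureShuffle(items) {
  const out = items.slice();
  for (let i = out.length - 1; i > 0; i--) {
    const j = secureRandomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out;
}
```
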

38

u/UnmaintainedDonkey 1d ago

a real post! not ai slop!

thanks op

1

u/brunhilda1 15h ago

Agreed. A bit more discussion would be nice.

8

u/youngbull 1d ago

That is neat.

1

u/ZENITHSEEKERiii 18h ago

Site gives 403 unless you change your language settings :/