[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
**Subject**: **Re: Predict math.random(0) last bit**
**From**: Dirk Laurie <dirk.laurie@...>
**Date**: Tue, 24 Apr 2018 21:43:54 +0200

2018-04-24 18:06 GMT+02:00 Albert Chan <albertmcchan@yahoo.com>:
> 128 math.random(0) last bit can actually predict the sequence,
> not just the last bit
>
> let c = last bit LSFR coefficients = (c1, c2, ..., c128)
> let x = last bit of 128 math.random(0) = (x1, x2, ... x128)
>
> x129 = (c . x) & 1 -- predict last bit using vector dot product
>
> Within the full period 2^128 - 1, all x's are unique
> (otherwise, last bit period will be LESS than 2^128 - 1)
>
> But, xorshift128+ only have 2^128 - 1 possible seeds
> -> x and seed must map 1-to-1
> -> x (after solving the seed) can predict the sequence.
All this does not mean that math.random is bad. The purpose of a
pseudorandom number generator is to provide a reproducible sequence
that cannot be distinguished from true random numbers by statistical
properties alone. It's a totally different ball game to generate a
sequence that is hard to reverse-engineer.