[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Predict math.random(0) last bit
- From: Albert Chan <albertmcchan@...>
- Date: Tue, 24 Apr 2018 16:20:26 -0400
> On Apr 24, 2018, at 3:43 PM, Dirk Laurie <firstname.lastname@example.org> wrote:
> 2018-04-24 18:06 GMT+02:00 Albert Chan <email@example.com>:
>> let c = last bit LSFR coefficients = (c1, c2, ..., c128)
>> let x = last bit of 128 math.random(0) = (x1, x2, ... x128)
>> x129 = (c . x) & 1 -- predict last bit using vector dot product
>> But, xorshift128+ only have 2^128 - 1 possible seeds
>> -> x and seed must map 1-to-1
>> -> x (after solving the seed) can predict the sequence.
> All this does not mean that math.random is bad. The purpose of a
> pseudorandom number generator is to provide a reproducible sequence
> that cannot be distinguished from true random numbers by statistical
> properties alone. It's a totally different ball game to generate a
> sequence that is hard to reverse-engineer.
Above were just math trivia (nothing against xorshift128+)
Here is another.
math.random(0) can not produce double 0 sequence
However, if math.random uses xoroshiro128+, it can: