**Subject**: **Re: Predict math.random(0) last bit**
**From**: Albert Chan <albertmcchan@...>
**Date**: Tue, 24 Apr 2018 16:20:26 -0400

> On Apr 24, 2018, at 3:43 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
>
> 2018-04-24 18:06 GMT+02:00 Albert Chan <albertmcchan@yahoo.com>:
>>
>> let c = last bit LFSR coefficients = (c1, c2, ..., c128)
>> let x = last bit of 128 math.random(0) = (x1, x2, ... x128)
>>
>> x129 = (c . x) & 1 -- predict last bit using vector dot product
>>
>> But, xorshift128+ only has 2^128 - 1 possible seeds
>> -> x and seed must map 1-to-1
>> -> x (after solving the seed) can predict the sequence.
>
> All this does not mean that math.random is bad. The purpose of a
> pseudorandom number generator is to provide a reproducible sequence
> that cannot be distinguished from true random numbers by statistical
> properties alone. It's a totally different ball game to generate a
> sequence that is hard to reverse-engineer.
>
Above were just math trivia (nothing against xorshift128+)
Here is another.
math.random(0) cannot produce double 0 sequence
However, if math.random uses xoroshiro128+, it can:
https://github.com/lemire/crackingxoroshiro128plus/issues/1
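The linear recovery Albert sketches above, as an added example that is not part of the thread: it treats the low bit of xorshift128+ as a GF(2)-linear function of the 128 state bits, solves for the state from 128 observed low bits, and predicts the next output, which is the concrete reason math.random output must never serve as a secret. It assumes the (23, 18, 5) shift triple of Vigna's reference xorshift128+ (Lua's exact variant may differ); the function names, the solver and the demo seed are constructed here.

```python
MASK = (1 << 64) - 1

def step(s0, s1):
    """One xorshift128+ step (Vigna's 23/18/5 triple, assumed): returns (output, s0', s1')."""
    out = (s0 + s1) & MASK          # low bit of out equals (s0 ^ s1) & 1: a GF(2)-linear map
    x, y = s0, s1
    x ^= (x << 23) & MASK           # the state update is XOR and shifts only, so linear too
    return out, y, x ^ y ^ (x >> 18) ^ (y >> 5)

def low_bits(s0, s1, n):
    """Low bits of the first n outputs packed into an int (bit i = output i)."""
    bits = 0
    for i in range(n):
        out, s0, s1 = step(s0, s1)
        bits |= (out & 1) << i
    return bits

def recover_state(observed):
    """Solve the GF(2) system linking 128 observed low bits to the 128 state bits."""
    basis = {}   # pivot bit -> (reduced column vector, state bits that column combines)
    for j in range(128):
        # column j: the low-bit sequence of the basis state with only state bit j set
        vec, combo = low_bits((1 << j) & MASK, (1 << j) >> 64, 128), 1 << j
        for p in sorted(basis, reverse=True):            # Gaussian elimination step
            if vec >> p & 1:
                vec ^= basis[p][0]
                combo ^= basis[p][1]
        if not vec:
            raise ValueError("columns are dependent: 128 bits would not fix the state")
        basis[vec.bit_length() - 1] = (vec, combo)
    state = 0
    for p in sorted(basis, reverse=True):                # express observed in that basis
        if observed >> p & 1:
            observed ^= basis[p][0]
            state ^= basis[p][1]
    if observed:
        raise ValueError("observed bits do not match any xorshift128+ state")
    return state & MASK, state >> 64

def predict_next(observed):
    """Recover the state behind 128 low bits, then predict the 129th full output and its low bit."""
    s0, s1 = recover_state(observed)
    for _ in range(128):                                 # replay the 128 observed outputs
        _, s0, s1 = step(s0, s1)
    out, _, _ = step(s0, s1)
    return out, out & 1

if __name__ == "__main__":
    bits = low_bits(0x9E3779B97F4A7C15, 0x0123456789ABCDEF, 129)   # constructed demo seed
    print("predicted:", predict_next(bits & ((1 << 128) - 1))[1], "actual:", bits >> 128)
```

Because the recovered state is exact, not just the next low bit but every later 64-bit output is predicted; with 128 consecutive low bits the zero state is the only one the solver can never see, matching the 2^128 - 1 seeds mentioned above.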