14 events
when toggle format what by license comment
Nov 16, 2021 at 0:11 comment added Parking Master @mti2935 "Parking Meter" lol...
Nov 13, 2021 at 22:28 comment added mti2935 Parking Meter, That's great news. I'm sure @vidarlo will be happy to see this as well.
Nov 13, 2021 at 22:10 comment added Parking Master @mti2935 I have updated the securityjs.128 file, and used crypto.getRandomValues(new Uint32Array(10))[0]; instead
Nov 13, 2021 at 21:13 comment added IMSoP @Gilles'SO-stopbeingevil' I think I've had this same debate before, if not with you, with someone else on this site. It comes down to what you count as "the computer", and what you count as "special effort". I think it's perfectly reasonable to say that the parts of a computer that run normal software (including library functions like Math.random) are purely deterministic, and need external input - whether dedicated hardware or "accidental" sources like event and signal noise - to generate true randomness. But I guess it's also true that "every aspect" is not a good choice of words.
Nov 13, 2021 at 19:46 comment added Parking Master @mti2935 actually, that makes sense. Because Math.random returns 0.{some number} between one and zero, and like you said crypto.getRandomValues(new Uint32Array(10))[0]; returns a 32-bit unsigned integer.
Nov 13, 2021 at 19:44 comment added mti2935 @ParkingMaster The reason that it may seem that Math.random() returns a value that is greater in length than the value returned by Crypto.getRandomValues() is that Math.random() returns a decimal value between 0 and 1, whereas Crypto.getRandomValues() returns a 32-bit unsigned integer (i.e. an integer between 0 and 42949672965). If you do crypto.getRandomValues(new Uint32Array(1))[0]/4294967296 and compare to Math.random(), you'll see that they both return values that are the same in length.
Nov 13, 2021 at 18:24 comment added Gilles 'SO- stop being evil' @IMSoP A dedicated TRNG component is not the only way to obtain unpredictable numbers on a computer. (But their existence means that a modern computer is not deterministic.) You can also inject randomness during manufacturing. Or you can do what PCs used to do (still do but it's mostly useless when you have a TRNG), which is collect external environmental data (e.g. interrupt timing) that your adversaries can't predict — the difficulty with that being that it's difficult to know when you have enough for security.
Nov 13, 2021 at 17:22 comment added IMSoP @Gilles'SO-stopbeingevil' That component is the "special effort to collect truly random event data" that John Deters mentioned. The fact that it is built into the hardware is convenient, but doesn't change the fact that it requires a discrete piece of hardware, and is not something you can create from parts already found in the computer. (Compare, for instance, graphics processing, which can be entirely achieved with a generic CPU, but is just more efficient on a dedicated GPU.)
Nov 13, 2021 at 13:57 comment added Gilles 'SO- stop being evil' @JohnDeters Modern computers of the PC/smartphone kind are not deterministic devices: their processor has a component which is specifically designed to produce unpredictable random output (a TRNG). An increasing number of embedded devices have a TRNG too. Any device that can do TLS needs to have an RNG (whether seeded by a built-in TRNG or by a trusted third party, e.g. during manufacturing).
Nov 13, 2021 at 13:55 comment added Gilles 'SO- stop being evil' @Szabolcs “knowledge about how the RNG works” is a very misleading way to put it. I can tell you that my RNG is CTR_DRBG with this and that parameter, so you'll know everything about it except for the seed, and you still won't be able to predict its outputs. Conversely, if you're knowledgeable about the topic, you'll probably be able to predict outputs of a non-crypto RNG having seen a few hundreds/thousands/… outputs. The patterns in a non-crypto RNG are there if you know how to look at them.
Nov 13, 2021 at 10:37 comment added Szabolcs @ParkingMaster The difference is when you have knowledge about how the RNG works. With any decent RNG, you won't see any pattern in the output. If you did, it would not look random in a statistical sense. The question is: knowing how the RNG works internally, can you deduce its internal state by looking at an output sequence? (Or rather: can you do it in reasonable computation time, using a reasonable output sequence length?)
Nov 12, 2021 at 20:21 comment added John Deters Creating unguessable numbers is a very hard problem for a computer. Every aspect of a computer is deterministic; they aren't designed to output different values when given the same inputs. It takes special effort to collect truly random event data to seed the Crypto random number generator.
Nov 12, 2021 at 20:18 comment added Parking Master It's weird that Math.random constantly changes, and has a higher length than Crypto.getRandomValue, but it is still less secure.
Nov 12, 2021 at 20:15 history answered John Deters CC BY-SA 4.0