If an attacker observes two or three consecutive outputs of Math.random(), they can reverse-engineer the internal state of the generator and predict all future (and past) values with 100% accuracy. This has been demonstrated in multiple research projects and open-source tools.
https://www.reddit.com/r/AskProgramming/comments/1qt1n0i/comment/o2ziocg/
Despite its quality, xorshift128+ is not cryptographically secure. For security-sensitive applications, use crypto.getRandomValues() instead.
https://www.reddit.com/r/AskProgramming/comments/1qt1n0i/comment/o2ziocg/
Granted, everyone knows it's pseudorandom, but 2-3 outputs to work out the seed is rather few.
#javascript #js
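
The recommendation quoted above, as an added example that is not part of the original post or the linked comment: a token generator built on Math.random() next to one built on crypto.getRandomValues(), with rejection sampling so the result is not biased. The names `weakToken`, `tokenFromBytes`, `secureToken` and the alphabet are assumptions made for illustration.

```javascript
// Added example: Math.random() token generation beside a CSPRNG-backed version.
// Web Crypto is global in browsers and recent Node; older Node falls back to node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // constructed 32-symbol alphabet

// WEAK: every character comes from the engine's xorshift128+ state, which the
// quoted text says can be recovered from a few observed outputs.
function weakToken(length, alphabet = ALPHABET) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[Math.floor(Math.random() * alphabet.length)];
  }
  return out;
}

// Maps random bytes to alphabet symbols using rejection sampling, so alphabets
// whose size does not divide 256 are still sampled uniformly (no modulo bias).
// fillBytes is a hypothetical injection point so the mapping can be tested.
function tokenFromBytes(length, alphabet, fillBytes) {
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2..256 symbols');
  }
  // Largest multiple of alphabet.length that fits in one byte; bytes >= limit are discarded.
  const limit = 256 - (256 % alphabet.length);
  const buf = new Uint8Array(Math.max(16, length * 2));
  let out = '';
  while (out.length < length) {
    fillBytes(buf);
    for (const b of buf) {
      if (b < limit) {
        out += alphabet[b % alphabet.length];
        if (out.length === length) break;
      }
    }
  }
  return out;
}

// HARDENED: same interface as weakToken, bytes come from the platform CSPRNG.
function secureToken(length, alphabet = ALPHABET) {
  return tokenFromBytes(length, alphabet, (buf) => webcrypto.getRandomValues(buf));
}
```

Use `secureToken` for session identifiers, password-reset tokens and similar values; `weakToken` is shown only as the pattern to look for in code review.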