
Inverting the Xorshift128 random number generator

(littlemaninmyhead.wordpress.com)
108 points | rurban | 6 comments
Aardwolf No.45127470
Xorshift128+ is not a cryptographic rng though, so at least this isn't a cryptographic attack...

Should programming languages use cryptographic rngs like a ChaCha20 based one in their standard libraries to stop accidental use of non cryptographic rngs for cryptographic purposes? But that comes at the cost of speed.

replies(6): >>45127744 #>>45127837 #>>45127961 #>>45127992 #>>45131766 #>>45131852 #
1. chaboud No.45127837
Perhaps put a warning in the name since the folks who don’t read the docs are the ones you’re trying to protect?

For example: Math.RandomNotCrypto()

When someone uses that in production for cryptographic purposes (and, yes, someone is going to do that), they have to wear a dunce cap to the office for a month.

replies(2): >>45131738 #>>45132416 #
2. layer8 No.45131738
People are likely to use it in security-relevant ways without being aware that the use case constitutes “crypto”.
replies(1): >>45133209 #
3. Retr0id No.45132416
Math.random is a web API so you can't just rename it without breaking a large chunk of the web.

A non-breaking change would be to upgrade Math.random to be cryptographically secure - these days we know how to do this with minimal performance impact.

replies(1): >>45151508 #
4. degamad No.45133209
Exactly - I'm just generating random session ids, I'm not encrypting anything (or using any bitcoins). There's no crypto here, right?
replies(1): >>45138588 #
5. cratermoon No.45138588
Anakin Padme 4 Panel "right?" meme.
6. chaboud No.45151508
This is a “next time” recommendation. Short of a time machine, we can’t change published names.

And, yes, I’d be down with going cryptographically secure (for now) with existing systems.