←back to thread

Inverting the Xorshift128 random number generator

(littlemaninmyhead.wordpress.com)
108 points rurban | 1 comments | 31 Aug 25 18:49 UTC | HN request time: 0s | source
Show context
delduca ◴[04 Sep 25 13:41 UTC] No.45127193[source]
I have recently replaced Lua's random for this implemetation

https://nullonerror.org/2025/08/02/replacing-lua-s-math-rand...

replies(2): >>45128081 #>>45135705 #
bazzargh ◴[04 Sep 25 15:02 UTC] No.45128081[source]
A word of caution. A few years ago we had a production impact event where customers were getting identical cookies (and so started seeing each others sessions). When I took a look at the code, what I found was that they were doing something very like your code - using a time() based seed and an PRNG.

Whenever we deployed new nginx configs, those servers would roll out and restart, getting _similar_ time() results in the seed. But the individual nginx workers? Their seeds were nearly identical. Not every call to the PRNG was meant for UUIDs, but enough were that disaster was inevitable.

The solution is to use a library that leverages libuuid (via ffi or otherwise). A "native lua" implementation is always going to miss the entropy sources available in your server and generate clashes if it's seeded with time(). (eg https://github.com/Kong/lua-uuid, https://github.com/bungle/lua-resty-uuid)

replies(4): >>45128343 #>>45128442 #>>45130303 #>>45130355 #
1. delduca ◴[04 Sep 25 15:34 UTC] No.45128442[source]
Thank you for your advise, I will update my blog with it.

Just FYI I only use this on a hidden n' seek game engine, so it is fine.