
Inverting the Xorshift128 random number generator

(littlemaninmyhead.wordpress.com)
108 points by rurban | 3 comments
Aardwolf No.45127470
Xorshift128+ is not a cryptographic RNG though, so at least this isn't a cryptographic attack...

Should programming languages use cryptographic RNGs like a ChaCha20-based one in their standard libraries to stop accidental use of non-cryptographic RNGs for cryptographic purposes? But that comes at the cost of speed.

replies(6): >>45127744 >>45127837 >>45127961 >>45127992 >>45131766 >>45131852
chaboud No.45127837
Perhaps put a warning in the name, since the folks who don’t read the docs are the ones you’re trying to protect?

For example: Math.RandomNotCrypto()

When someone uses that in production for cryptographic purposes (and, yes, someone is going to do that), they have to wear a dunce cap to the office for a month.

replies(2): >>45131738 >>45132416
1. layer8 No.45131738
People are likely to use it in security-relevant ways without being aware that the use case constitutes “crypto”.
replies(1): >>45133209
2. degamad No.45133209
Exactly - I'm just generating random session ids, I'm not encrypting anything (or using any bitcoins). There's no crypto here, right?
replies(1): >>45138588
3. cratermoon No.45138588
Anakin Padme 4 Panel "right?" meme.