Inverting the Xorshift128 random number generator

(littlemaninmyhead.wordpress.com)
108 points | rurban | 2 comments
Aardwolf (No.45127470)
Xorshift128+ is not a cryptographic rng though, so at least this isn't a cryptographic attack...

Should programming languages use cryptographic RNGs, like a ChaCha20-based one, in their standard libraries to stop accidental use of non-cryptographic RNGs for cryptographic purposes? But that comes at the cost of speed.

replies(6): >>45127744, >>45127837, >>45127961, >>45127992, >>45131766, >>45131852
chaboud (No.45127837)
Perhaps put a warning in the name since the folks who don’t read the docs are the ones you’re trying to protect?

For example: Math.RandomNotCrypto()

When someone uses that in production for cryptographic purposes (and, yes, someone is going to do that), they have to wear a dunce cap to the office for a month.

replies(2): >>45131738, >>45132416
1. Retr0id (No.45132416)
Math.random is a web API so you can't just rename it without breaking a large chunk of the web.

A non-breaking change would be to upgrade Math.random to be cryptographically secure - these days we know how to do this with minimal performance impact.

replies(1): >>45151508
2. chaboud (No.45151508)
This is a “next time” recommendation. Short of a time machine, we can’t change published names.

And, yes, I’d be down with going cryptographically secure (for now) with existing systems.