Hacking Google Random Number Generator

Submitted by
Style Pass
2023-09-18 23:30:02

One of the most widely used random number generators must be the one built into Google. But how random is it? Can you rely on it for your daily dose of entropy?

Note: Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security. Use the Web Crypto API instead, and more precisely the window.crypto.getRandomValues() method.

But don’t be mad at JavaScript. This method is implemented in the browser and varies depending on the engine. Chrome uses the V8 engine, which is open-source. Its pseudorandom number generator is based on an algorithm called xorshift128+.

Then the 64-bit int is converted to a double. To understand the process, let’s look at the structure of a double. Doubles consist of 64 bits: a 1-bit sign, an 11-bit exponent and a 52-bit mantissa.

The end result is a double in the [0, 1) range. It is derived from the state0 value, which is right-shifted by 12 bits and ORed with 0x3FF0000000000000, setting the exponent to 01111111111 in binary, which is 1023. This produces a value between 1 and 2. Finally, 1 is subtracted to obtain a value in the range [0, 1).
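
The conversion described above, as an added JavaScript example (not code from the original article or from V8). It uses BigInt to mimic the 64-bit arithmetic and shows that the mantissa of each output is exactly the top 52 bits of state0, which is why the note above rules Math.random() out for anything security-related. The function names and the sample state are assumptions constructed for illustration.

```javascript
// Added example: the state0 -> double conversion, with BigInt standing in for
// 64-bit integers. Function names are assumptions, not V8 identifiers.
const MASK64 = (1n << 64n) - 1n;
const EXPONENT_BITS = 0x3FF0000000000000n; // sign 0, exponent 01111111111 (1023)

// Reinterpret a 64-bit pattern as an IEEE 754 double.
function bitsToDouble(bits) {
  const view = new DataView(new ArrayBuffer(8));
  view.setBigUint64(0, bits & MASK64);
  return view.getFloat64(0);
}

// Reinterpret a double as its 64-bit pattern.
function doubleToBits(value) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, value);
  return view.getBigUint64(0);
}

// state0 >> 12 fills the 52-bit mantissa; the OR sets the exponent to 1023,
// giving a value in [1, 2). Subtracting 1 maps it to [0, 1).
function stateToDouble(state0) {
  return bitsToDouble(((state0 & MASK64) >> 12n) | EXPONENT_BITS) - 1;
}

// Inverse of the step above: the mantissa of (output + 1) equals the top
// 52 bits of state0, so every output discloses most of that state word.
function exposedStateBits(output) {
  return doubleToBits(output + 1) & ((1n << 52n) - 1n);
}

// Constructed sample state, not a value taken from a real V8 instance.
const sampleState0 = 0x0123456789ABCDEFn;
const sampleOutput = stateToDouble(sampleState0);
console.log(sampleOutput, exposedStateBits(sampleOutput).toString(16));
```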
