2018-04-24 18:06 GMT+02:00 Albert Chan <

[hidden email]>:

> 128 math.random(0) last bit can actually predict the sequence,

> not just the last bit

>

> let c = last bit LSFR coefficients = (c1, c2, ..., c128)

> let x = last bit of 128 math.random(0) = (x1, x2, ... x128)

>

> x129 = (c . x) & 1 -- predict last bit using vector dot product

>

> Within the full period 2^128 - 1, all x's are unique

> (otherwise, last bit period will be LESS than 2^128 - 1)

>

> But, xorshift128+ only have 2^128 - 1 possible seeds

> -> x and seed must map 1-to-1

> -> x (after solving the seed) can predict the sequence.

All this does not mean that math.random is bad. The purpose of a

pseudorandom number generator is to provide a reproducible sequence

that cannot be distinguished from true random numbers by statistical

properties alone. It's a totally different ball game to generate a

sequence that is hard to reverse-engineer.