On Mar 23, 2018, at 6:31 PM, Coda Highland <[hidden email]> wrote:> if you see the least significant bit of 128 consecutive calls to

> math.random, then you can predict the least significant bit of every

> call from there on out.

---

I think above statement is only half-right.

Above statement is true ONLY if we already solved

the 128 coefficient of LSFR.

To solve for the coefficients, we need 256 calls.

-> 128 equations with 128 unknown (coefficient)

http://practicalcryptography.com/cryptanalysis/modern-cryptanalysis/lfsrs-and-berlekampmassey-algorithm/