Predict math.random(0) last bit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Predict math.random(0) last bit

Albert Chan
  On Mar 23, 2018, at 6:31 PM, Coda Highland <[hidden email]> wrote:
> if you see the least significant bit of 128 consecutive calls to 
> math.random, then you can predict the least significant bit of every 
> call from there on out.
---
I think above statement is only half-right.
Above statement is true ONLY if we already solved
the 128 coefficient of LSFR.

To solve for the coefficients, we need 256 calls.
-> 128 equations with 128 unknown (coefficient)
http://practicalcryptography.com/cryptanalysis/modern-cryptanalysis/lfsrs-and-berlekampmassey-algorithm/