
That's horrifying. I do slightly disagree with the final thoughts and would say that one of the xoshiro 256 generators is probably better than the 1024 ones. 256 bits of state is plenty to give you a longer cycle length than you will ever need (even considering the birthday paradox), and the reduced state means it fits in a single cache line.


After the linked article, as well as https://jandemooij.nl/blog/math-random-and-32-bit-precision/ which follows from it, the main three browsers (Chrome[0], Firefox[1], Safari[2]) actually switched to Xorshift128+. So these days Math.random is nowhere near as horrifying as it was back then; however, it's still not a system or a userland CSPRNG. For that you need `crypto.getRandomValues()` (https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getR...).

[0] https://v8.dev/blog/math-random

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=322529#c99

[2] https://bugs.webkit.org/show_bug.cgi?id=151641
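An added example, not part of either comment: one way to draw security-sensitive values from `crypto.getRandomValues()` instead of `Math.random()`, using rejection sampling so that mapping 32-bit words onto a smaller range introduces no modulo bias. The names `randomBelow`, `randomToken` and `ALPHABET` are hypothetical, and the alphabet is constructed for illustration.

```javascript
// Web Crypto is a global in browsers and current Node; older Node versions
// expose the same API as require("node:crypto").webcrypto.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const TWO_32 = 0x100000000; // number of distinct Uint32 values

// Uniform integer in [0, n) from the CSPRNG.
// A plain `word % n` over-represents small results whenever n does not
// divide 2^32, so words at or above the largest multiple of n are discarded.
function randomBelow(n) {
  if (!Number.isInteger(n) || n < 1 || n > TWO_32) {
    throw new RangeError("n must be an integer in [1, 2^32]");
  }
  const limit = Math.floor(TWO_32 / n) * n;
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Constructed 62-character alphabet (assumption, not from the thread).
const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Random token suitable for session ids, reset codes and similar secrets.
// 24 characters from 62 symbols carry about 142 bits of entropy.
function randomToken(length = 24, alphabet = ALPHABET) {
  let out = "";
  for (let i = 0; i < length; i++) {
    out += alphabet[randomBelow(alphabet.length)];
  }
  return out;
}
```
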



