Re: Math.random
- From: Dr J R Stockton <reply0925@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 20 Jun 2009 23:23:01 +0100
In comp.lang.javascript message <Xns9C30931223702eejj99@xxxxxxxxxxxxxxx>
, Sat, 20 Jun 2009 12:27:27, Evertjan. <exjxw.hannivoort@xxxxxxxxxxxx>
posted:
Dr J R Stockton wrote on 19 jun 2009 in comp.lang.javascript:
In comp.lang.javascript message <Cy0nuvZCjpLKFw4W@xxxxxxxxxxxxxxxxxxxxxx
rlyn.invalid>, Tue, 9 Jun 2009 18:15:46, Dr J R Stockton
<reply0924@xxxxxxxxxxxxxxxxxx> posted:
Considerable information about Math.random internals and derived
insecurities is in a 325kB PDF by Amit Klein *via* (!== at)
<http://www.trusteer.com/temporary-user-tracking-in-major-browsers>.
The flaws in the values of Math.random can in principle be overcome by
writing one's own;
FYI, I expect soon to have achieved this; for integers, the code should
handle numbers up to the megadigit (hex) range, with acceptable speed
for reasonable sizes. There is, of course, difficulty in generating a
correspondingly-good seed. But, as the seed is exposed, randoms can be
generated reproducibly. Does anyone have the relevant volume of Knuth
handy?
Why megadigit?
It is necessary to include multidigit. Using just ordinary JavaScript
arithmetic, one cannot without rounding errors produce Randoms of more
that 26 bits of value (exact multiplication is required). The
arithmetic has to be done with arrays of digits. JavaScript arrays are
bounded in size only be available memory, and ISTM that I can have the
necessary number of arrays each with 250,000 elements. The elements I
use are digits base 65536, hence a factor of 4 with some to spare. But
using that many is purely optional.
My <js-randm.htm> demonstrates such a generator more-or-less embedded in
a Form, and I an in the middle of changing its insides to a form-
independent version.
99.962468 % of the pseudo-random sequences used in clientside Javascript
are about non negative integers between -0.3 and 365.7.
Fewer that 0.037532% of the Dutch population are EjH ; but that subset
is clearly not insignificant.
The perfection of the randomness isn't even that important,
as long as an accidental repeat of the same integer is not within say 4
steps.
That depends on the application. And algorithms developed in JavaScript
can be re-implemented elsewhere.
So the function can be simple and the seeding can be done by a subset of
+new Date().
Amit Klein's cited paper shows that Math.random is commonly not as good
as one might reasonably have hoped, and also is a security leak.
Providing code for an alternative cannot fix the leak; but it can set a
good example. Seeding, however, is difficult; except that the client
can always be asked to enter a suitable seed, which can either. be used
alone or entangled with the time.
A repeatable seed is interesting however for code testing.
Indisputably.
That could be introduced in ECMA 5+ by simply saying that Math.random()
would do what it "always" has, but Math.random(Object) would use the
object to store the internal state, seed included. With different
Objects, one could have independent Random generators.
--
(c) John Stockton, near London. *@merlyn.demon.co.uk/?.?.Stockton@xxxxxxxxxxx
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
Correct <= 4-line sig. separator as above, a line precisely "-- " (SoRFC1036)
Do not Mail News to me. Before a reply, quote with ">" or "> " (SoRFC1036)
.
- Follow-Ups:
- Re: Math.random
- From: Evertjan.
- Re: Math.random
- From: Thomas 'PointedEars' Lahn
- Re: Math.random
- References:
- Math.random
- From: Dr J R Stockton
- Re: Math.random
- From: Dr J R Stockton
- Re: Math.random
- From: Evertjan.
- Math.random
- Prev by Date: Re: FAQ Topic - How do I format a date with javascript? (2009-06-01)
- Next by Date: Re: FAQ Topic - How do I get the value of a form control? (2009-06-19)
- Previous by thread: Re: Math.random
- Next by thread: Re: Math.random
- Index(es):
Relevant Pages
|
