by dspillett on 12/17/15, 2:27 PM
Do be sure to note the mention that the new algorithm is not considered a cryptographically secure PRNG.
Also because the specification has very little by way of requirements in that regard, no matter how good some implementations may be you should always assume you code may end up being used in an environment where Math.random() is no better than the worst generator you can think of.
If you need specific properties in your PRNG then you still need to provide something in place of Math.random().
by zeveb on 12/17/15, 4:29 PM
It seems to me that defaulting to a non-CSPRNG these days is a premature optimization: for many purposes a decent CSPRNG (e.g. Fortuna) is fast enough, and avoids all the pitfalls of a non-secure or poorly-random generator.
Maybe it's time to have Math.random and equivalents call a CSPRNG, with a Math.insecurerandom when performance matters?
by nraynaud on 12/17/15, 3:35 PM
>"Please keep in mind, if you find areas of improvement in V8 and Chrome, even ones that—like this one—do not directly affect spec compliance, stability, or security, please file an issue on our bug tracker."
Worst idea ever, this not-a-real-bug got a correction in just a few days without even being in the bug tracker, while there are real bugs stalled for years in the tracker. Writing a blog post and making a lot of noise on the internet works way better than using the bug tracker.
by ifcologne on 12/17/15, 2:57 PM
A worth to read article by [Mike Malone](
https://medium.com/@betable/tifu-by-using-math-random-f1c308...) explains the problem with Math.random() in more detail.
Quoting Donald Knuth / The Art of Computer Programming:
> “Many random number generators in use today are not very good. There is a tendency for people to avoid learning anything about such subroutines; quite often we find that some old method that is comparatively unsatisfactory has blindly been passed down from one programmer to another, and today’s users have no understanding of its limitations.”
by nathan_long on 12/17/15, 3:25 PM
by Someone1234 on 12/17/15, 3:04 PM
This article[0] hints that Microsoft's Edge browser might also being using MWC1616, or something else that has a lot of the same limitations. Hopefully they jump on the xorshift128+ ship.
[0] https://lwn.net/Articles/666407/
by dvt on 12/17/15, 7:28 PM
Somewhat related, I wrote a blog post about (P)RNGs a few years ago:
http://dvt.name/2010/clock-drift-hardware-prng/. It's interesting to se V8 favor accuracy over speed.
I'd think that having a "secure" random number generator isn't that important of a deal given the fact that all code runs client-side anyway (so why the need for cryptographic security?).
by mring33621 on 12/17/15, 3:58 PM
Pretty sure I saw the 'After' picture in the mall, circa 1992. If you cross your eyes and look 'through' it just right, you'll see the sailboat.
by evilpie on 12/17/15, 3:43 PM
by blixt on 12/17/15, 9:14 PM
For people concerned with cross-browser reproducibility as well as resuming a PRNG between sessions (e.g., to reproduce random sequences in replays or multiplayer), check out arbit, an NPM package I made. It performs close to Math.random and uses floats for state internally for max resolution (i.e., length and number of unique sequences):
https://github.com/blixt/js-arbit
I would also recommend running the provided DieHarder test, which is crafted to measure the quality of PRNGs.
by jakub_g on 12/17/15, 10:03 PM
by jacobolus on 12/17/15, 7:37 PM
Is there an explanation anywhere of what technical or other criteria they used to pick xorshift128+? I haven’t seen any from the handful of blog posts, etc. I’ve seen about the change.
“[...] having understood the problem and after some research, we decided [...]” is hardly a persuasive analysis.
Were any professional experts on PRNGs asked for advice?
by stevebmark on 12/17/15, 5:58 PM
The first one looks more random to me? It has more runs. There was some article (can't remember the source) about generating a random coin flip - the way to tell the difference between a real physical coin flip and a computer is that the real physical flip will have a lot of runs, like 10 times in a row where you get heads. A computer random will attempt to "even out" the spectrum. The two images presented in the article looked similar to these but were reversed, true random looked more like a pattern, while computer generated random looked more like even noise.
TL;DR long strings of repeated results are a sign of true randomness. Am I misinterpreting the relationship between that and this article?
by cdnsteve on 12/17/15, 4:19 PM
This kind of stuff seems scary to me. One JavaScript engine decides to use this algorithm, another that. This type of change could lead to
higher potential of bugs and unexpected behaviour, the average developer just can't figure out when say, using Firefox or Chrome for testing.
When algorithms are getting tinkered with behind the scenes, this leads me to believe there's still way too much churn in the JS space.