search

tc39 / proposal-seeded-random

Proposal for an options argument to be added to JS's Math.random() function, and some options to start it with.
MIT License
156 stars 6 forks source link

Seeding Math.random causes global pollution/corruption #15

Closed ghost closed 3 years ago

ghost commented 3 years ago

Being able to seed Math.random would affect all code on a web page, potentially causing security vulnerabilities in some applications and/or situations, that depend on random numbers, that didn't use crypto or SubtleCrypto.

How about, instead, offering a function that returns a seeded random generator?

Example usage:

const myRandom = makeSeededRandom(0.3); // no-so random number generator

const notSoRandomNumber = myRandom(); // number

This would scope the amount of effect that it can have.

bakkot commented 3 years ago

This proposal does not propose to allow setting the seed for Math.random. It's basically exactly what you're asking for already. See readme.

ghost commented 3 years ago

My apologies, I completely skipped that first section, in that case, this issue is completely irrelevant.