ulid / javascript

Universally Unique Lexicographically Sortable Identifier
MIT License

PRNG inconsistency #67

Open ooptimum opened 5 years ago

ooptimum commented 5 years ago

Disclaimer: I have not conducted any research into how the following affects information security or may lead to errors.

These pieces of code generate random numbers in the range from 0 to 1 inclusive, because you divide the value received from the browser or node by 255, not 256 (because 1 byte takes 256 different values, not 255): `return buffer[0] / 0xff` and `nodeCrypto.randomBytes(1).readUInt8() / 0xff`

Meanwhile, Math.random(), which is used when no good PRNG is available, always returns a value less than 1. Moreover, your functions with a good PRNG return only 256 different values, thus being much inferior even to Math.random().

perry-mitchell commented 4 years ago

This is a good point, regarding the granularity. Why not generate say 4 bytes to calculate the random number? Or more?