7

I want to generate a really large random number. I don't need this number to be cryptographically secure. Hence, I'm not using crypto.getRandomValues. Currently, I'm generating the random number as follows:

const random = length =>
    Math.floor(length * Math.random());

const padding = (length, character, string) =>
    (new Array(length + 1).join(character) + string).slice(string.length);

const randomBits = bits =>
    padding(bits, '0', random(Math.pow(2, bits)).toString(2));

const getRandom = bits =>
    bits <= 32 ? randomBits(bits) : randomBits(32) + getRandom(bits - 32);

console.log('         1         2         3         4         5         6');
console.log(getRandom(64));

However, this seems a bit wasteful because numbers in JavaScript are 64 bits long:

IEEE 754 double-precision binary floating-point format: binary64

It seems to me that we should be able to at least recover all the 52 bits of the mantissa. How many bits of entropy can we extract from numbers generated by Math.random in JavaScript, and how?

Aadit M Shah
  • 72,912
  • 30
  • 168
  • 299
  • 1
    Looks like duplicate of http://stackoverflow.com/questions/22590131/math-random-number-of-random-bits – Ivan Nov 12 '16 at 17:00
  • Firefox, Chrome, and Safari use [xorshift128+][vigna.di.unimi.it/ftp/papers/xorshiftplus.pdf] for pseudo-random number generation. – lovasoa Nov 12 '16 at 17:01
  • 1
    Math.random() returns a number between 0 and 1. So I guess it's a random mantissa with the appropriate exponent. And if you only multiply by powers of 2, the mantissa should remain unaltered. – Oriol Nov 12 '16 at 17:03
  • Your current output is a string of '0' and '1' characters. If that is what you want, then why does the byte size of floating points matter? If it *does* matter than why do you produce character strings? – trincot Nov 12 '16 at 17:39
  • @trincot That's just to show that I'm producing a really big number. In actual code I'd be producing a [bignum](https://en.wikipedia.org/wiki/Arbitrary-precision_arithmetic). – Aadit M Shah Nov 12 '16 at 19:15

1 Answers1

1

A deterministic algorithm (including a pseudorandom number generator) can't generate entropy itself; it has to come from outside, such as the seed that the algorithm receives.

Note, however, that the ECMAScript specification for Math.random() allows the implementation to use any "implementation-dependent algorithm or strategy", not necessarily a deterministic algorithm, as long as the number is "chosen randomly or pseudo randomly with approximately uniform distribution over" the interval [0, 1). Thus, whether Math.random() actually uses entropy is likewise implementation-dependent — no particular strategy for gathering entropy to seed the PRNG (if the implementation uses one) is mandated either.

Peter O.
  • 32,158
  • 14
  • 82
  • 96
  • According to v8.dev/blog/math-random, you'll get at most 128 accumulative bits of entropy after any number of `Math.random()` calls on a single page. – Finesse Oct 14 '21 at 08:08