math.random

[akaday]

Select Topic Area

Show & Tell

Body

Derived from 91 925 examples found on GitHub
Real World Examples of Math.random() Grouped by signature: random()
function tint() { image.tint = Math.random() * 0xFFFFFF; } photonstorm/phaser-examples/image2.js function changeTint() { pic.tint = Math.random() * 0xffffff; } PhaserEditor2D/PhaserEditor/tint sprite.js getModel() { return { anything: state => Math.random() } }
These are indeed common real-world examples of how Math.random() is used to generate random values in JavaScript. Let's break down how to replace these uses with a cryptographically secure random number generator.

Replacing Math.random() with Secure Methods
Tinting Colors:

The examples use Math.random() to generate random colors by multiplying it with a large integer (0xFFFFFF for 24-bit color).

Original Code:

javascript
function tint() {
image.tint = Math.random() * 0xFFFFFF;
}

function changeTint() {
pic.tint = Math.random() * 0xffffff;
}
Secure Replacement: Using crypto.getRandomValues for browser environments.

javascript
function getSecureRandomValue(max) {
const array = new Uint32Array(1);
window.crypto.getRandomValues(array);
return array[0] / (0xffffffff + 1) * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}
For Node.js environments, you can use crypto.randomBytes:

javascript
const crypto = require('crypto');

function getSecureRandomValue(max) {
return parseInt(crypto.randomBytes(4).toString('hex'), 16) / 0xFFFFFFFF * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}
Generating Random Values in Functions:

For generating random values to assign to object properties or function returns.

Original Code:

javascript
getModel() {
return {
anything: state => Math.random()
}
}
Secure Replacement: Using secure random generation methods.

Browser Environment:

javascript
getModel() {
return {
anything: state => {
const array = new Uint32Array(1);
window.crypto.getRandomValues(array);
return array[0] / (0xffffffff + 1);
}
}
}
Node.js Environment:

javascript
const crypto = require('crypto');

getModel() {
return {
anything: state => {
return parseInt(crypto.randomBytes(4).toString('hex'), 16) / 0xFFFFFFFF;
}
}
}
Summary:
Replacing Math.random() with crypto.getRandomValues in browser environments and crypto.randomBytes in Node.js ensures that your random values are cryptographically secure.

These changes help prevent security issues associated with predictable random number generation.

[torkian]

Replacing Math.random() with secure methods like crypto.getRandomValues or crypto.randomBytes provides much-needed randomness integrity for applications requiring secure data handling. Use these replacements whenever the predictability of Math.random() could pose a risk.

function getSecureRandomValue(max) {
const array = new Uint32Array(1);
window.crypto.getRandomValues(array);
return (array[0] / (0xffffffff + 1)) * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}

const crypto = require('crypto');

function getSecureRandomValue(max) {
return parseInt(crypto.randomBytes(4).toString('hex'), 16) / 0xFFFFFFFF * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}

[akaday]

@torkian Thanks for the insightful comment! Replacing Math.random() with secure methods like crypto.getRandomValues or crypto.randomBytes indeed provides much-needed randomness integrity for applications requiring secure data handling. These replacements are crucial whenever the predictability of Math.random() could pose a risk.

Here are the functions for generating secure random values:

Browser Environment:

javascript
function getSecureRandomValue(max) {
const array = new Uint32Array(1);
window.crypto.getRandomValues(array);
return (array[0] / (0xffffffff + 1)) * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}
Node.js Environment:

javascript
const crypto = require('crypto');

function getSecureRandomValue(max) {
return parseInt(crypto.randomBytes(4).toString('hex'), 16) / 0xFFFFFFFF * max;
}

function tint() {
image.tint = getSecureRandomValue(0xFFFFFF);
}

function changeTint() {
pic.tint = getSecureRandomValue(0xffffff);
}
Using these secure methods helps prevent potential security issues associated with predictable random number generation. Thanks for highlighting this important aspect!