Cheese with Holes (Emmental) - Developing
Useful note with basic structure, but still has holes to fill.

JavaScript `Math.random` Is Not Secure For Cryptography

Author: guiferviz

Created:

Last Modified:

Even though `Math.random()` is seeded from a secure source like `/dev/urandom`, it is not cryptographically secure.

  • The internal generator is fast but predictable.
  • If enough outputs are observed, future values can be guessed.
  • Never use it for passwords, tokens, or encryption keys.

Use this instead for secure randomness:

`window.crypto.getRandomValues()`

This uses a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) and is safe for security-sensitive use.
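A sketch of how `crypto.getRandomValues()` can replace `Math.random()` for tokens and passwords, added here as an example and not part of the original note. The function names (`secureToken`, `secureRandomInt`, `securePassword`) are illustrative assumptions, and the integer helper uses rejection sampling because a plain modulo would skew the distribution.

```javascript
// Added example; helper names are hypothetical, not from the original note.
// Web Crypto is a global in browsers and current Node.js; older Node.js
// exposes the same API as require('node:crypto').webcrypto.
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Hex token carrying `byteLength` bytes of CSPRNG output (16 bytes = 128 bits).
function secureToken(byteLength = 16) {
  const bytes = new Uint8Array(byteLength);
  webCrypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Uniform integer in [0, max) via rejection sampling.
// `value % max` alone is biased whenever 2^32 is not a multiple of max.
function secureRandomInt(max) {
  if (!Number.isInteger(max) || max < 1 || max > 0x100000000) {
    throw new RangeError('max must be an integer in [1, 2^32]');
  }
  // Largest multiple of max that fits in the 32-bit range.
  const limit = 0x100000000 - (0x100000000 % max);
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit); // discard values from the uneven tail
  return buf[0] % max;
}

// Password built from `alphabet`, one unbiased pick per character.
function securePassword(length, alphabet) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[secureRandomInt(alphabet.length)];
  }
  return out;
}
```
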