Comment by juancn
1 day ago
Something off on how the RNG is initialized? Lack of entropy?
If the rng is not customized it will use:
    const rnds8 = new Uint8Array(16);
    export default function rng() {
      return crypto.getRandomValues(rnds8);
    }
getRandomValues doesn't specify a minimum amount of entropy.
It's a near certainty that something is badly wrong with the RNG, and, yes, probably in how it's seeded.
It's probably messing up the cryptography, too.
But defaults should be sane and safe. RNG isn't the sort of thing you want to be messing up. Every JS dev was taught that Math.random is not safe by default, but the crypto package is.
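
An added example (not from the thread or from the library under discussion): a startup self-test that draws 16-byte values through the same `getRandomValues` contract as the quoted `rng()` and flags repeated or all-zero output, the kind of gross failure the comments suspect. `checkRng`, `stuckFill` and `makeRepeatingFill` are hypothetical names, and the two stand-in generators are constructed test inputs.

```javascript
// Draw `draws` 16-byte values and count exact repeats and all-zero results.
// `fill` is any function with the crypto.getRandomValues(typedArray) contract.
function checkRng(fill = (buf) => globalThis.crypto.getRandomValues(buf), draws = 4096) {
  const seen = new Set();
  const buf = new Uint8Array(16); // one reused buffer, like rnds8 in the quoted code
  let duplicates = 0;
  let allZero = 0;
  for (let i = 0; i < draws; i++) {
    fill(buf);
    // Hex-encode a copy of the bytes: buf is overwritten by the next draw.
    const hex = Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
    if (hex === "0".repeat(32)) allZero++;
    if (seen.has(hex)) duplicates++;
    seen.add(hex);
  }
  // For a working CSPRNG a repeat among a few thousand 128-bit values is
  // statistically impossible, so any duplicate means the generator is broken.
  return { draws, duplicates, allZero, ok: duplicates === 0 && allZero === 0 };
}

// Constructed stand-in: a stub that never writes to the buffer,
// as a mocked or missing crypto implementation might behave.
const stuckFill = (buf) => buf;

// Constructed stand-in: output cycles every `period` draws,
// as if the generator were reset to the same state over and over.
function makeRepeatingFill(period) {
  let n = 0;
  return (buf) => {
    const v = n++ % period;
    buf.fill(0);
    buf[0] = v & 0xff;
    buf[1] = (v >> 8) & 0xff;
    buf[15] = 1; // keep the value from ever being all-zero
    return buf;
  };
}

console.log(checkRng(stuckFill, 10));
console.log(checkRng(makeRepeatingFill(100), 300));
```

The check only catches gross failures: a generator can pass it and still have too little entropy.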