Math.random() is not secure ? 🤔

Yes, that is right: it is not.

If you use JavaScript in the browser or in another JavaScript environment like Node.js, you have almost certainly reached for Math.random() as your default PRNG.

PRNG -> Pseudo-Random Number Generator

Actually there is nothing random in Math.random().


By definition there is nothing random inside a PRNG. It starts from an initial seed and expands it into a stream of values with a fixed, deterministic algorithm, so the entire sequence is a function of the seed. The stream eventually repeats, and an attacker who learns the seed (or the generator's current internal state) can reproduce every value it will hand out next.
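
To make that concrete, here is an added example that is not part of the original post: a small reimplementation of xorshift128+, the generator family V8's Math.random() is built on (this is an illustrative rewrite in plain JavaScript with BigInt, not V8's code; the function names makeXorshift128Plus, toUnitFloat, sameSeedSameStream and predictAfterStateLeak are ones chosen for this example, and the seed values are made up). It shows two generators seeded identically producing the same stream, and an "attacker" who has obtained the internal state predicting the victim's next outputs exactly.

```javascript
// Illustrative xorshift128+ (shift constants 23/17/26, as V8 uses).
// Not V8's code; written for this example to show that a PRNG is a
// deterministic function of its seed/state.

const MASK64 = (1n << 64n) - 1n;

function makeXorshift128Plus(seed0, seed1) {
  // State is two 64-bit words; both zero would lock the generator at zero.
  let s0 = BigInt(seed0) & MASK64;
  let s1 = BigInt(seed1) & MASK64;
  if (s0 === 0n && s1 === 0n) throw new Error("seed must be non-zero");

  return {
    // One step of xorshift128+; returns an unsigned 64-bit BigInt.
    next() {
      let x = s0;        // old s[0]
      const y = s1;      // old s[1]
      s0 = y;
      x ^= (x << 23n) & MASK64;
      x ^= x >> 17n;
      x ^= y ^ (y >> 26n);
      s1 = x;
      return (s0 + s1) & MASK64;
    },
    // Exposed only so the example can simulate a state leak.
    state() {
      return [s0, s1];
    },
  };
}

// Top 53 bits as a double in [0, 1): the same shape of value Math.random() returns.
function toUnitFloat(u64) {
  return Number(u64 >> 11n) / 2 ** 53;
}

// Two generators started from the same (made-up) seed yield identical streams.
function sameSeedSameStream(n = 5) {
  const a = makeXorshift128Plus(0x1234n, 0xabcdn);
  const b = makeXorshift128Plus(0x1234n, 0xabcdn);
  for (let i = 0; i < n; i++) {
    if (toUnitFloat(a.next()) !== toUnitFloat(b.next())) return false;
  }
  return true;
}

// Once the internal state is known (here simply copied; in practice it can be
// recovered from observed outputs), the next values are fully predictable.
function predictAfterStateLeak(n = 3) {
  const victim = makeXorshift128Plus(42n, 1337n);
  victim.next();
  victim.next(); // victim has already handed out some "random" values
  const [s0, s1] = victim.state(); // the leaked state
  const attacker = makeXorshift128Plus(s0, s1);
  for (let i = 0; i < n; i++) {
    if (attacker.next() !== victim.next()) return false;
  }
  return true;
}
```

Both helper checks return true: same seed, same stream; same state, same future. That is the whole problem with using any non-cryptographic PRNG for secrets.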

Math.random() is useless when …

If you are using Math.random() to generate session IDs, tokens, or any other value that must be unguessable, that is a serious security issue: an attacker who observes some outputs can work toward predicting the rest.

There are some well-known, more powerful PRNGs that people reach for instead,

  1. Xorshift
  2. PCG
  3. Mersenne Twister


For security-sensitive scenarios you need a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). The three PRNGs listed above are statistically better than Math.random() (V8's Math.random() is itself built on xorshift128+): they are fast, have long periods and pass the usual statistical test suites. But none of them is cryptographic: they are not designed to withstand an observer who sees some outputs and tries to recover the internal state.

Node.js ships a CSPRNG out of the box: crypto.randomBytes(), along with crypto.randomInt() and crypto.randomUUID(), and browsers expose crypto.getRandomValues(). These draw on the operating system's CSPRNG. The difference from Math.random() is not speed or API shape: Math.random() is seeded once and every value it returns is a deterministic function of that state, whereas crypto.randomBytes() returns bytes that are unpredictable even to someone who has seen every previous call.

Math.random() is not trash 🗑

If you are not using the PRNG for security-related things such as the session IDs mentioned above, no problem: you can proceed with Math.random()!

Yes, you can use it for a task such as a simple dice game.




Chamini Prashakthi, Software Engineer