Wyh Ranmdnoses Mattres, presented at OWASP New Zealand Day 2020

by Frans Lategan

Summary: Computers are deterministic, i.e. predictable, yet need randomness for tasks such as key generation, games of chance and jitter. Various algorithmic generators are used as sources of randomness, but they are not all equal - some can be broken. Although this is generally known, many of the details are left as “exercises for the reader”, or require exclusive access to the outputs (no missing values). This talk shows how easy it is to “break” the nextInt() function of java.util.Random (many examples can be found on the Internet). But wait, there is more! This talk also shows how to predict the output from the nextInt(n) function (usually left as an exercise for the reader), even when some captured values are missing (such as when some other pesky users are also interacting with the site, or you don’t get to see the other players’ cards…). There will be code and demos.
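The simplest case the summary mentions, as an added example that is not code from the talk: two consecutive, unbounded nextInt() outputs with no missing values are enough to reproduce every later output of java.util.Random, which is why it must not back keys, tokens or shuffles. The class and method names are hypothetical; the generator constants are the ones documented in the java.util.Random Javadoc.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added illustration; class and method names are hypothetical.
public class NextIntPredictability {
    // Generator constants documented in the java.util.Random Javadoc.
    static final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;

    static long step(long state) {
        return (state * MULT + ADD) & MASK;
    }

    // nextInt() returns the top 32 bits of the 48-bit state, so one output
    // leaves only 16 bits unknown. Try all 65,536 candidates and keep the one
    // whose successor reproduces the second output (a chance second match is
    // rare). Returns the state after the second output, or -1 if none matches.
    static long recoverState(int first, int second) {
        long high = (first & 0xFFFFFFFFL) << 16;
        for (long low = 0; low < (1L << 16); low++) {
            long next = step(high | low);
            if ((int) (next >>> 16) == second) {
                return next;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        Random rng = new Random(); // seed never shown to the observer
        long state = recoverState(rng.nextInt(), rng.nextInt());
        if (state < 0) throw new IllegalStateException("no matching state");

        for (int i = 0; i < 5; i++) {
            state = step(state);
            int predicted = (int) (state >>> 16);
            int actual = rng.nextInt();
            System.out.printf("predicted %11d  actual %11d  match=%b%n",
                    predicted, actual, predicted == actual);
        }

        // For keys, tokens, shuffles and anything else an observer must not
        // predict, draw from the platform CSPRNG instead.
        byte[] token = new byte[16];
        new SecureRandom().nextBytes(token);
        System.out.println("SecureRandom token bytes: " + token.length);
    }
}
```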