by arnioxux
3204 days ago
This is a perfect example of what NOT to do. They reimplemented a seeded linear congruential generator for their random number generator: https://github.com/dylang/shortid/blob/master/lib/random/ran...

But since LCGs are easy to solve, after seeing a few values you can solve for the seed and generate all past and future values. But you don't even need to do anything fancy for that. Since their implementation of LCG only has a state size of 233280 different values, you can just brute force it. (It also means that their RNG could only ever generate 233280 different numbers to begin with.)

Why the fuck do they have 2.5k stars!?

EDIT: They already have an open issue for it but project seems unmaintained: https://github.com/dylang/shortid/issues/70. Stay far far away.
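Added example, not part of the comment above and not shortid's code: an audit-style check of how little a 233280-state LCG hides. The multiplier `A`, increment `C` and the 6-bit `symbol` mapping are assumptions chosen for illustration; only the modulus comes from the comment.

```javascript
// Added illustration. M is the state size quoted above; A and C are assumed
// constants (a classic textbook pair for this modulus), not copied from the page.
const M = 233280, A = 9301, C = 49297;

// One LCG step; the whole generator state is a single integer in [0, M).
const step = (s) => (s * A + C) % M;

// Hypothetical output mapping: each state is reduced to a 6-bit alphabet index.
const symbol = (s) => Math.floor((s * 64) / M);

// Symbols an ID generator would emit after being seeded with `seed`.
function emit(seed, n) {
  const out = [];
  for (let s = seed, i = 0; i < n; i++) { s = step(s); out.push(symbol(s)); }
  return out;
}

// Steps before the state repeats: the number of distinct values the RNG can yield.
function period(seed) {
  let s = step(seed), n = 1;
  while (s !== seed) { s = step(s); n++; }
  return n;
}

// Exhaustive search: every seed whose output stream starts with `observed`.
function consistentSeeds(observed) {
  const hits = [];
  for (let seed = 0; seed < M; seed++) {
    let s = seed, ok = true;
    for (const o of observed) {
      s = step(s);
      if (symbol(s) !== o) { ok = false; break; }
    }
    if (ok) hits.push(seed);
  }
  return hits;
}

// Audit view: size of the candidate set after 1, 2, ... observed symbols.
function shrinkage(seed, maxSymbols) {
  const seen = emit(seed, maxSymbols); // constructed sample stream
  return seen.map((_, i) => consistentSeeds(seen.slice(0, i + 1)).length);
}

console.log(period(0), shrinkage(123456, 6));
```

The printed list shows how quickly the set of possible seeds collapses; identifiers that must be unguessable should come from a CSPRNG such as Node's `crypto.randomBytes` instead.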