3

I am using the Math.random() function to get an integer from the range 0 to 'max'. But according to SonarQube, it is a "Security Hotspots" medium issue.

// Math.random() is not a cryptographically secure generator; this is the call SonarQube flags
private getRandomInt(max) {
    return Math.floor(Math.random() * Math.floor(max));
}
  • related, possible dupe: https://stackoverflow.com/questions/62036514/make-sure-that-using-this-pseudorandom-number-generator-is-safe-here – Jamiec Jul 02 '21 at 09:02
  • In node.js, you can use the crypto module, for example `crypto.randomInt`: https://nodejs.org/docs/latest/api/crypto.html In the browser, you can use `window.crypto.getRandomValues`: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues – kol Jul 02 '21 at 09:07
  • Is this *expected* to have secure random number generation? Because one possible solution is to completely ignore the SonarQube warning and disable it, if it doesn't make sense. There are plenty of times you may want just some sort of random data without it necessarily being security related. But if you use it to generate session IDs or something, then you *do* need a better PRNG. – VLAZ Jul 02 '21 at 09:23

1 Answer

0
// Web Crypto API; msCrypto is the vendor-prefixed name used by old Internet Explorer
const cryp = window.crypto || window.msCrypto;
// One 32-bit slot; getRandomValues fills it from the platform's CSPRNG
var tab = new Uint32Array(1);
cryp.getRandomValues(tab);
// tab[0] now holds a random unsigned 32-bit integer
Khribi Wessim