Java: MATH.random exploit

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

Java: MATH.random exploit

Post by Nemo_Sum on Mon Oct 29, 2012 10:17 pm
([msg=70491]see Java: MATH.random exploit[/msg])

I'm new to Java and object oriented programming in general, so I may have bitten off a bit more than I can chew with my current project. I was wondering what you all knew about the MATH.random method. I'm assuming it uses a seed, but I can't find the approximate length of the seeds, or any other details that might be vaguely helpful really. Basically, the program I'm working on simulates a dice roll using MATH.random, but I'd like to hack my program and see if I'm able to predict the outcome of the dice roll before it happens. Ultimately, I'm wondering what security flaws are presented specifically by using MATH.random to generate my rolls. If you have any insights or can direct me to any information that might be useful, I'd really appreciate the help.
Nemo_Sum
New User
New User
 
Posts: 6
Joined: Mon Nov 30, 2009 4:30 pm
Blog: View Blog (0)


Re: Java: MATH.random exploit

Post by centip3de on Tue Oct 30, 2012 12:56 pm
([msg=70501]see Re: Java: MATH.random exploit[/msg])

Nemo_Sum wrote:I'm new to Java and object oriented programming in general, so I may have bitten off a bit more than I can chew with my current project. I was wondering what you all knew about the MATH.random method. I'm assuming it uses a seed, but I can't find the approximate length of the seeds, or any other details that might be vaguely helpful really. Basically, the program I'm working on simulates a dice roll using MATH.random, but I'd like to hack my program and see if I'm able to predict the outcome of the dice roll before it happens. Ultimately, I'm wondering what security flaws are presented specifically by using MATH.random to generate my rolls. If you have any insights or can direct me to any information that might be useful, I'd really appreciate the help.


Here's the API documentation, goes pretty in depth. Also, the seed that random functions usually use is either the system time, or the number of current cycles of the CPU since a certain date (similar to the system time), but generally they use a seed that is constantly changing, or else you'd never have random... But anyway, I suppose if you were able to edit the system time (or, find out the future cycles), you could feasibly figure this out, but it seems to be a bit too much trouble than it's worth. Seems like a cool project though.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Java: MATH.random exploit

Post by Nemo_Sum on Fri Nov 16, 2012 11:49 am
([msg=70956]see Re: Java: MATH.random exploit[/msg])

Thanks! That's great information. And sounds like a lot of fun. I think I'll play around with that idea and see what I can do. Like you said, it's probably more trouble than it's worth for anyone from the outside trying to exploit the system, but this sounds like a great personal project.
Nemo_Sum
New User
New User
 
Posts: 6
Joined: Mon Nov 30, 2009 4:30 pm
Blog: View Blog (0)



Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests