Understanding Random Number Generation for Lottery Programs and Cryptographic Security in JavaScript

The article, authored by Liu Guanyu, a web front‑end expert, examines the frequent use of random number generators in year‑end lottery activities and explains why the built‑in Math.random is unsuitable for security‑critical scenarios.

It introduces the concepts of true random numbers versus pseudo‑random numbers, describing TRNGs, PRNGs, and the importance of unpredictability, non‑repeatability, and randomness for cryptographic applications, and outlines the role of seeds and algorithms.

The piece discusses common PRNG algorithms, highlights the V8 engine’s implementation of xorshift128+ for Math.random, and notes its lack of cryptographic security, including its deterministic behavior when multiple threads share the same seed.

For secure lottery draws, the author recommends using the Web Crypto API’s Crypto.getRandomValues and provides a JavaScript snippet that defines a randomSafe function wrapping this API to produce a uniformly distributed value in [0,1).

(function(){
  var rng = window.crypto || window.msCrypto;
  if (rng === undefined) {
    return;
  }
  window.randomSafe = function(){
    return rng.getRandomValues(new Uint32Array(1))[0] / 0xFFFFFFFF;
  }
})();

Additional references to NIST randomness tests, Web Crypto specifications, and related resources are listed for readers who wish to explore the topic further.