seedrandom.js

Seeded random number generator for JavaScript.

Version 3.0.5

Author: David Bau

Date: 2019-09-14

Can be used as a plain script, a Node.js module or an AMD module.

Script tag usage

1<script src="//cdnjs.cloudflare.com/ajax/libs/seedrandom/3.0.5/seedrandom.min.js">
2</script>

1// Make a predictable pseudorandom number generator.
2var myrng = new Math.seedrandom('hello.');
3console.log(myrng());                // Always 0.9282578795792454
4console.log(myrng());                // Always 0.3752569768646784
5
6// Use "quick" to get only 32 bits of randomness in a float.
7console.log(myrng.quick());          // Always 0.7316977467853576
8
9// Use "int32" to get a 32 bit (signed) integer
10console.log(myrng.int32());          // Always 1966374204
11
12// Calling seedrandom with no arguments creates an ARC4-based PRNG
13// that is autoseeded using the current time, dom state, and other
14// accumulated local entropy.
15var prng = new Math.seedrandom();
16console.log(prng());                // Reasonably unpredictable.
17
18// Seeds using the given explicit seed mixed with accumulated entropy.
19prng = new Math.seedrandom('added entropy.', { entropy: true });
20console.log(prng());                // As unpredictable as added entropy.
21
22// Warning: if you call Math.seedrandom without `new`, it replaces
23// Math.random with the predictable new Math.seedrandom(...), as follows:
24Math.seedrandom('hello.');
25console.log(Math.random());          // Always 0.9282578795792454
26console.log(Math.random());          // Always 0.3752569768646784
27

Note: calling Math.seedrandom('constant') without new will make Math.random() predictable globally, which is intended to be useful for derandomizing code for testing, but should not be done in a production library. If you need a local seeded PRNG, use myrng = new Math.seedrandom('seed') instead. For example, cryptico, an RSA encryption package, uses the wrong form, and thus secretly makes Math.random() perfectly predictable. The cryptico library (and any other library that does this) should not be trusted in a security-sensitive application.

Other Fast PRNG Algorithms

The package includes some other fast PRNGs. To use Johannes Baagøe's extremely fast Alea PRNG:

1<script src="//cdnjs.cloudflare.com/ajax/libs/seedrandom/3.0.5/lib/alea.min.js">
2</script>

1// Use alea for Johannes Baagøe's clever and fast floating-point RNG.
2var arng = new alea('hello.');
3
4// By default provides 32 bits of randomness in a float.
5console.log(arng());               // Always 0.4783254903741181
6
7// Use "double" to get 56 bits of randomness.
8console.log(arng.double());        // Always 0.8297006866124559
9
10// Use "int32" to get a 32 bit (signed) integer.
11console.log(arng.int32());         // Always 1076136327

Besides alea, there are several other faster PRNGs available. Note that none of these fast PRNGs provide autoseeding: you need to provide your own seed (or use the default autoseeded seedrandom to make a seed).

PRNG name	Time vs native	Period	Author
alea	1.95 ns, 0.9x	~2^116	Baagøe
xor128	2.04 ns, 0.9x	2^128-1	Marsaglia
tychei	2.32 ns, 1.1x	~2^127	Neves/Araujo (ChaCha)
xorwow	2.40 ns, 1.1x	2^192-2^32	Marsaglia
xor4096	2.40 ns, 1.1x	2^4096-2^32	Brent (xorgens)
xorshift7	2.64 ns, 1.3x	2^256-1	Panneton/L'ecuyer
quick	3.80 ns, 1.8x	~2^1600	Bau (ARC4)

(Timings were done on node v0.12.2 on a single-core Google Compute Engine instance. quick is just the 32-bit version of the RC4-based PRNG originally packaged with seedrandom.)

CJS / Node.js usage

npm install seedrandom

1// Local PRNG: does not affect Math.random.
2var seedrandom = require('seedrandom');
3var rng = seedrandom('hello.');
4console.log(rng());                  // Always 0.9282578795792454
5
6// Global PRNG: set Math.random.
7seedrandom('hello.', { global: true });
8console.log(Math.random());          // Always 0.9282578795792454
9
10// Autoseeded ARC4-based PRNG.
11rng = seedrandom();
12console.log(rng());                  // Reasonably unpredictable.
13
14// Mixing accumulated entropy.
15rng = seedrandom('added entropy.', { entropy: true });
16console.log(rng());                  // As unpredictable as added entropy.
17
18// Using alternate algorithms, as listed above.
19var rng2 = seedrandom.xor4096('hello.')
20console.log(rng2());

Starting in version 3, when using via require('seedrandom'), the global Math.seedrandom is no longer available.

Require.js usage

Similar to Node.js usage:

bower install seedrandom

require(['seedrandom'], function(seedrandom) {
  var rng = seedrandom('hello.');
  console.log(rng());                  // Always 0.9282578795792454
});

Network seeding

1<script src=//cdnjs.cloudflare.com/ajax/libs/seedrandom/3.0.5/seedrandom.min.js>
2</script>
3<!-- Seeds using urandom bits from a server. -->
4<script src=//jsonlib.appspot.com/urandom?callback=Math.seedrandom>
5</script>
6
7<!-- Seeds mixing in random.org bits -->
8<script>
9(function(x, u, s){
10  try {
11    // Make a synchronous request to random.org.
12    x.open('GET', u, false);
13    x.send();
14    s = unescape(x.response.trim().replace(/^|\s/g, '%'));
15  } finally {
16    // Seed with the response, or autoseed on failure.
17    Math.seedrandom(s, !!s);
18  }
19})(new XMLHttpRequest, 'https://www.random.org/integers/' +
20  '?num=256&min=0&max=255&col=1&base=16&format=plain&rnd=new');
21</script>

Reseeding using user input

1var seed = Math.seedrandom();        // Use prng with an automatic seed.
2document.write(Math.random());       // Pretty much unpredictable x.
3
4var rng = new Math.seedrandom(seed); // A new prng with the same seed.
5document.write(rng());               // Repeat the 'unpredictable' x.
6
7function reseed(event, count) {      // Define a custom entropy collector.
8  var t = [];
9  function w(e) {
10    t.push([e.pageX, e.pageY, +new Date]);
11    if (t.length < count) { return; }
12    document.removeEventListener(event, w);
13    Math.seedrandom(t, { entropy: true });
14  }
15  document.addEventListener(event, w);
16}
17reseed('mousemove', 100);            // Reseed after 100 mouse moves.

The "pass" option can be used to get both the prng and the seed. The following returns both an autoseeded prng and the seed as an object, without mutating Math.random:

1var obj = Math.seedrandom(null, { pass: function(prng, seed) {
2  return { random: prng, seed: seed };
3}});

Saving and Restoring PRNG state

1var seedrandom = Math.seedrandom;
2var saveable = seedrandom("secret-seed", {state: true});
3for (var j = 0; j < 1e5; ++j) saveable();
4var saved = saveable.state();
5var replica = seedrandom("", {state: saved});
6assert(replica() == saveable());

In normal use the prng is opaque and its internal state cannot be accessed. However, if the "state" option is specified, the prng gets a state() method that returns a plain object the can be used to reconstruct a prng later in the same state (by passing that saved object back as the state option).

Version notes

The random number sequence is the same as version 1.0 for string seeds.

• Version 2.0 changed the sequence for non-string seeds.
• Version 2.1 speeds seeding and uses window.crypto to autoseed if present.
• Version 2.2 alters non-crypto autoseeding to sweep up entropy from plugins.
• Version 2.3 adds support for "new", module loading, and a null seed arg.
• Version 2.3.1 adds a build environment, module packaging, and tests.
• Version 2.3.4 fixes bugs on IE8, and switches to MIT license.
• Version 2.3.6 adds a readable options object argument.
• Version 2.3.10 adds support for node.js crypto (contributed by ctd1500).
• Version 2.3.11 adds an option to load and save internal state.
• Version 2.4.0 adds implementations of several other fast PRNGs.
• Version 2.4.2 adds an implementation of Baagoe's very fast Alea PRNG.
• Version 2.4.3 ignores nodejs crypto when under browserify.
• Version 2.4.4 avoids strict mode problem with global this reference.
• Version 3.0.1 removes Math.seedrandom for require('seedrandom') users.
• Version 3.0.3 updates package.json for CDN entrypoints.
• Version 3.0.5 removes eval to avoid triggering content-security policy.

The standard ARC4 key scheduler cycles short keys, which means that seedrandom('ab') is equivalent to seedrandom('abab') and 'ababab'. Therefore it is a good idea to add a terminator to avoid trivial equivalences on short string seeds, e.g., Math.seedrandom(str + '\0'). Starting with version 2.0, a terminator is added automatically for non-string seeds, so seeding with the number 111 is the same as seeding with '111\0'.

When seedrandom() is called with zero args or a null seed, it uses a seed drawn from the browser crypto object if present. If there is no crypto support, seedrandom() uses the current time, the native rng, and a walk of several DOM objects to collect a few bits of entropy.

Each time the one- or two-argument forms of seedrandom are called, entropy from the passed seed is accumulated in a pool to help generate future seeds for the zero- and two-argument forms of seedrandom.

On speed - This javascript implementation of Math.random() is several times slower than the built-in Math.random() because it is not native code, but that is typically fast enough. Some details (timings on Chrome 25 on a 2010 vintage macbook):

• seeded Math.random() - avg less than 0.0002 milliseconds per call
• seedrandom('explicit.') - avg less than 0.2 milliseconds per call
• seedrandom('explicit.', true) - avg less than 0.2 milliseconds per call
• seedrandom() with crypto - avg less than 0.2 milliseconds per call

Autoseeding without crypto is somewhat slow, about 20-30 milliseconds on a 2012 windows 7 1.5ghz i5 laptop, as seen on Firefox 19, IE 10, and Opera. Seeded rng calls themselves are fast across these browsers, with slowest numbers on Opera at about 0.0005 ms per seeded Math.random().

LICENSE (MIT)

Copyright 2019 David Bau.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.