Security is hard. In a current project I saw some code that created some access tokens based on a random number generator – .NET’s Random class. The code used an instance of Random stored in a static field and I got curious:

If you have such a long-lived Random instance, could you predict the random values after generating a few of them?

It turns out, it is possible. And you only need to read 55 “random” values to predict all future values.
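The following is an added example, not code from the project mentioned above: it contrasts the shared-Random token pattern with a CSPRNG-based replacement and checks, on constructed data, that later outputs follow from the 55 before them. The class and method names, the seed 12345 and the lags 55 and 34 (taken here as properties of the legacy seeded System.Random algorithm) are assumptions; GetBytes and ToHexString need .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class TokenDemo
{
    // Pattern described above: one long-lived Random kept in a static field.
    // The fixed seed is a constructed value; a seeded Random uses the legacy
    // subtractive algorithm, which keeps this run repeatable.
    static readonly Random Shared = new Random(12345);

    // Weak form: the token is a raw generator output.
    static int WeakToken() => Shared.Next();

    // Hardened form: 256 bits from the OS CSPRNG, hex-encoded.
    static string StrongToken() =>
        Convert.ToHexString(RandomNumberGenerator.GetBytes(32));

    static void Main()
    {
        // Constructed sample: 55 tokens that were handed out, then 10 more
        // that the check below never reads before computing them.
        int[] seen = Enumerable.Range(0, 55).Select(_ => WeakToken()).ToArray();
        int[] actual = Enumerable.Range(0, 10).Select(_ => WeakToken()).ToArray();

        // Assumed recurrence of the legacy algorithm:
        // x[n] = (x[n-55] - x[n-34]) mod int.MaxValue
        var history = seen.ToList();
        int matches = 0;
        foreach (int real in actual)
        {
            int n = history.Count;
            long diff = (long)history[n - 55] - history[n - 34];
            int computed = (int)(diff < 0 ? diff + int.MaxValue : diff);
            if (computed == real) matches++;
            history.Add(computed);
        }

        Console.WriteLine($"{matches} of {actual.Length} unseen weak tokens derived from earlier ones");
        Console.WriteLine($"CSPRNG token: {StrongToken()}");
    }
}
```

An unseeded new Random() on .NET 6 and later uses a different algorithm, but it is still not a cryptographic generator, so the replacement applies there as well.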