How random is JavaScript’s Math.random?

How random is JavaScript’s Math.random?

For 6 years I’ve had a random number generator page on my website. For a long time, it was the first or second result on Google for “random number generator” and has been used to decide dozens, if not hundreds of contests and drawings on discussion forums and blogs (I know because I see the referrers in my web logs and usually go take a look).
Today, someone emailed me to tell me it may not be as random as I thought. She tried generating very large random numbers (e.g., between 1 and 10000000000000000000) and found that they were almost always the same number of digits. Indeed, I wrapped the function in a loop so I could generate thousands of numbers and sure enough, for very large numbers, the variation was only about 2 orders of magnitude.
Why?
Here is the looping version, so you can try it out for yourself:
http://andrew.hedges.name/experiments/random/randomness.html
It includes both a straightforward implementation taken from the Mozilla Developer Network and some code from 1997 that I swiped off a web page that no longer exists (Paul Houle’s “Central Randomizer 1.3”). View source to see how each method works.
I’ve read here and elsewhere about Mersenne Twister. What I’m interested in is why there wouldn’t be greater variation in the results from JavaScript’s built-in Math.random function. Thanks!

Solutions/Answers:

Solution 1:

Given numbers between 1 and 100.

  • 9 have 1 digit (1-9)
  • 90 have 2 digits (10-99)
  • 1 has 3 digits (100)

Given numbers between 1 and 1000.

  • 9 have 1 digit
  • 90 have 2 digits
  • 900 have 3 digits
  • 1 has 4 digits

and so on.

So if you select some at random, then that vast majority of selected numbers will have the same number of digits, because the vast majority of possible values have the same number of digits.

Solution 2:

Your results are actually expected. If the random numbers are uniformly distributed in a range 1 to 10^n, then you would expect about 9/10 of the numbers to have n digits, and a further 9/100 to have n-1 digits.

Solution 3:

There different types of randomness. Math.random gives you an uniform distribution of numbers.

If you want different orders of magnitude, I would suggest using an exponential function to create what’s called a power law distribution:

function random_powerlaw(mini, maxi) {
    return Math.ceil(Math.exp(Math.random()*(Math.log(maxi)-Math.log(mini)))*mini)
}

This function should give you roughly the same number of 1-digit numbers as 2-digit numbers and as 3-digit numbers.

There are also other distributions for random numbers like the normal distribution (also called Gaussian distribution).

Solution 4:

The following paper explains how math.random() in major Web browsers is (un)secure:
“Temporary user tracking in major browsers and Cross-domain information
leakage and attacks” by Amid Klein (2008)
. It’s no stronger than typical Java or Windows built-in PRNG functions.

On the other hand, implementing SFMT of the period 2^19937-1 requires 2496 bytes of the internal state maintained for each PRNG sequence. Some people may consider this as unforgivable cost.

Solution 5:

Looks perfectly random to me!
(Hint: It’s browser dependent.)

Personally, I think my implementation would be better, although I stole it off from XKCD, who should ALWAYS be acknowledged:

function random() {
  return 4; // Chosen by a fair dice throw. Guaranteed to be random.
}

Solution 6:

If you use a number like 10000000000000000000 you’re going beyond the accuracy of the datatype Javascript is using. Note that all the numbers generated end in “00”.