mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-10-27 03:01:17 +00:00
267 lines
9.6 KiB
JavaScript
267 lines
9.6 KiB
JavaScript
// seedrandom.js
|
|
// Author: David Bau 3/11/2010
|
|
//
|
|
// Defines a method Math.seedrandom() that, when called, substitutes
|
|
// an explicitly seeded RC4-based algorithm for Math.random(). Also
|
|
// supports automatic seeding from local or network sources of entropy.
|
|
//
|
|
// Usage:
|
|
//
|
|
// <script src=http://davidbau.com/encode/seedrandom-min.js></script>
|
|
//
|
|
// Math.seedrandom('yipee'); Sets Math.random to a function that is
|
|
// initialized using the given explicit seed.
|
|
//
|
|
// Math.seedrandom(); Sets Math.random to a function that is
|
|
// seeded using the current time, dom state,
|
|
// and other accumulated local entropy.
|
|
// The generated seed string is returned.
|
|
//
|
|
// Math.seedrandom('yowza', true);
|
|
// Seeds using the given explicit seed mixed
|
|
// together with accumulated entropy.
|
|
//
|
|
// <script src="http://bit.ly/srandom-512"></script>
|
|
// Seeds using physical random bits downloaded
|
|
// from random.org.
|
|
//
|
|
// Examples:
|
|
//
|
|
// Math.seedrandom("hello"); // Use "hello" as the seed.
|
|
// document.write(Math.random()); // Always 0.5463663768140734
|
|
// document.write(Math.random()); // Always 0.43973793770592234
|
|
// var rng1 = Math.random; // Remember the current prng.
|
|
//
|
|
// var autoseed = Math.seedrandom(); // New prng with an automatic seed.
|
|
// document.write(Math.random()); // Pretty much unpredictable.
|
|
//
|
|
// Math.random = rng1; // Continue "hello" prng sequence.
|
|
// document.write(Math.random()); // Always 0.554769432473455
|
|
//
|
|
// Math.seedrandom(autoseed); // Restart at the previous seed.
|
|
// document.write(Math.random()); // Repeat the 'unpredictable' value.
|
|
//
|
|
// Notes:
|
|
//
|
|
// Each time seedrandom('arg') is called, entropy from the passed seed
|
|
// is accumulated in a pool to help generate future seeds for the
|
|
// zero-argument form of Math.seedrandom, so entropy can be injected over
|
|
// time by calling seedrandom with explicit data repeatedly.
|
|
//
|
|
// On speed - This javascript implementation of Math.random() is about
|
|
// 3-10x slower than the built-in Math.random() because it is not native
|
|
// code, but this is typically fast enough anyway. Seeding is more expensive,
|
|
// especially if you use auto-seeding. Some details (timings on Chrome 4):
|
|
//
|
|
// Our Math.random() - avg less than 0.002 milliseconds per call
|
|
// seedrandom('explicit') - avg less than 0.5 milliseconds per call
|
|
// seedrandom('explicit', true) - avg less than 2 milliseconds per call
|
|
// seedrandom() - avg about 38 milliseconds per call
|
|
//
|
|
// LICENSE (BSD):
|
|
//
|
|
// Copyright 2010 David Bau, all rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are met:
|
|
//
|
|
// 1. Redistributions of source code must retain the above copyright
|
|
// notice, this list of conditions and the following disclaimer.
|
|
//
|
|
// 2. Redistributions in binary form must reproduce the above copyright
|
|
// notice, this list of conditions and the following disclaimer in the
|
|
// documentation and/or other materials provided with the distribution.
|
|
//
|
|
// 3. Neither the name of this module nor the names of its contributors may
|
|
// be used to endorse or promote products derived from this software
|
|
// without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
//
|
|
/**
|
|
* All code is in an anonymous closure to keep the global namespace clean.
|
|
*
|
|
* @param {number=} overflow
|
|
* @param {number=} startdenom
|
|
*/
|
|
(function (pool, math, width, chunks, significance, overflow, startdenom) {
|
|
|
|
|
|
//
|
|
// seedrandom()
|
|
// This is the seedrandom function described above.
|
|
//
|
|
math['seedrandom'] = function seedrandom(seed, use_entropy) {
|
|
var key = [];
|
|
var arc4;
|
|
|
|
// Flatten the seed string or build one from local entropy if needed.
|
|
seed = mixkey(flatten(
|
|
use_entropy ? [seed, pool] :
|
|
arguments.length ? seed :
|
|
[new Date().getTime(), pool, window], 3), key);
|
|
|
|
// Use the seed to initialize an ARC4 generator.
|
|
arc4 = new ARC4(key);
|
|
|
|
// Mix the randomness into accumulated entropy.
|
|
mixkey(arc4.S, pool);
|
|
|
|
// Override Math.random
|
|
|
|
// This function returns a random double in [0, 1) that contains
|
|
// randomness in every bit of the mantissa of the IEEE 754 value.
|
|
|
|
math['random'] = function random() { // Closure to return a random double:
|
|
var n = arc4.g(chunks); // Start with a numerator n < 2 ^ 48
|
|
var d = startdenom; // and denominator d = 2 ^ 48.
|
|
var x = 0; // and no 'extra last byte'.
|
|
while (n < significance) { // Fill up all significant digits by
|
|
n = (n + x) * width; // shifting numerator and
|
|
d *= width; // denominator and generating a
|
|
x = arc4.g(1); // new least-significant-byte.
|
|
}
|
|
while (n >= overflow) { // To avoid rounding up, before adding
|
|
n /= 2; // last byte, shift everything
|
|
d /= 2; // right using integer math until
|
|
x >>>= 1; // we have exactly the desired bits.
|
|
}
|
|
return (n + x) / d; // Form the number within [0, 1).
|
|
};
|
|
|
|
// Return the seed that was used
|
|
return seed;
|
|
};
|
|
|
|
//
|
|
// ARC4
|
|
//
|
|
// An ARC4 implementation. The constructor takes a key in the form of
|
|
// an array of at most (width) integers that should be 0 <= x < (width).
|
|
//
|
|
// The g(count) method returns a pseudorandom integer that concatenates
|
|
// the next (count) outputs from ARC4. Its return value is a number x
|
|
// that is in the range 0 <= x < (width ^ count).
|
|
//
|
|
/** @constructor */
|
|
function ARC4(key) {
|
|
var t, u, me = this, keylen = key.length;
|
|
var i = 0, j = me.i = me.j = me.m = 0;
|
|
me.S = [];
|
|
me.c = [];
|
|
|
|
// The empty key [] is treated as [0].
|
|
if (!keylen) { key = [keylen++]; }
|
|
|
|
// Set up S using the standard key scheduling algorithm.
|
|
while (i < width) { me.S[i] = i++; }
|
|
for (i = 0; i < width; i++) {
|
|
t = me.S[i];
|
|
j = lowbits(j + t + key[i % keylen]);
|
|
u = me.S[j];
|
|
me.S[i] = u;
|
|
me.S[j] = t;
|
|
}
|
|
|
|
// The "g" method returns the next (count) outputs as one number.
|
|
me.g = function getnext(count) {
|
|
var s = me.S;
|
|
var i = lowbits(me.i + 1); var t = s[i];
|
|
var j = lowbits(me.j + t); var u = s[j];
|
|
s[i] = u;
|
|
s[j] = t;
|
|
var r = s[lowbits(t + u)];
|
|
while (--count) {
|
|
i = lowbits(i + 1); t = s[i];
|
|
j = lowbits(j + t); u = s[j];
|
|
s[i] = u;
|
|
s[j] = t;
|
|
r = r * width + s[lowbits(t + u)];
|
|
}
|
|
me.i = i;
|
|
me.j = j;
|
|
return r;
|
|
};
|
|
// For robust unpredictability discard an initial batch of values.
|
|
// See http://www.rsa.com/rsalabs/node.asp?id=2009
|
|
me.g(width);
|
|
}
|
|
|
|
//
|
|
// flatten()
|
|
// Converts an object tree to nested arrays of strings.
|
|
//
|
|
/** @param {Object=} result
|
|
* @param {string=} prop */
|
|
function flatten(obj, depth, result, prop) {
|
|
result = [];
|
|
if (depth && typeof(obj) == 'object') {
|
|
for (prop in obj) {
|
|
if (prop.indexOf('S') < 5) { // Avoid FF3 bug (local/sessionStorage)
|
|
try { result.push(flatten(obj[prop], depth - 1)); } catch (e) {}
|
|
}
|
|
}
|
|
}
|
|
return result.length ? result : '' + obj;
|
|
}
|
|
|
|
//
|
|
// mixkey()
|
|
// Mixes a string seed into a key that is an array of integers, and
|
|
// returns a shortened string seed that is equivalent to the result key.
|
|
//
|
|
/** @param {number=} smear
|
|
* @param {number=} j */
|
|
function mixkey(seed, key, smear, j) {
|
|
seed += ''; // Ensure the seed is a string
|
|
smear = 0;
|
|
for (j = 0; j < seed.length; j++) {
|
|
key[lowbits(j)] =
|
|
lowbits((smear ^= key[lowbits(j)] * 19) + seed.charCodeAt(j));
|
|
}
|
|
seed = '';
|
|
for (j in key) { seed += String.fromCharCode(key[j]); }
|
|
return seed;
|
|
}
|
|
|
|
//
|
|
// lowbits()
|
|
// A quick "n mod width" for width a power of 2.
|
|
//
|
|
function lowbits(n) { return n & (width - 1); }
|
|
|
|
//
|
|
// The following constants are related to IEEE 754 limits.
|
|
//
|
|
startdenom = math.pow(width, chunks);
|
|
significance = math.pow(2, significance);
|
|
overflow = significance * 2;
|
|
|
|
//
|
|
// When seedrandom.js is loaded, we immediately mix a few bits
|
|
// from the built-in RNG into the entropy pool. Because we do
|
|
// not want to intefere with determinstic PRNG state later,
|
|
// seedrandom will not call math.random on its own again after
|
|
// initialization.
|
|
//
|
|
mixkey(math.random(), pool);
|
|
|
|
// End anonymous scope, and pass initial values.
|
|
})(
|
|
[], // pool: entropy pool starts empty
|
|
Math, // math: package containing random, pow, and seedrandom
|
|
256, // width: each RC4 output is 0 <= x < 256
|
|
6, // chunks: at least six RC4 outputs for each double
|
|
52 // significance: there are 52 significant digits in a double
|
|
);
|