Is Math.random() cryptographically secure?

Question

How good are algorithms used in Javascript Math.random() in different browsers? Is it okay to use it for generating salts and one-time passwords?

How ma

Answer 1

Nope; JavaScript's Math.random() function is not a cryptographically-secure random number generator. You are better off using the JavaScript Crypto Library's Fortuna implementation which is a strong pseudo-random number generator (have a look at src/js/Clipperz/Crypto/PRNG.js), or the Web Crypto API for getRandomValues

• Here is a detailed explanation: How trustworthy is javascript's random implementation in various browsers?
• Here is how to generate a good crypto grade random number: Secure random numbers in javascript?