Is Math.random() cryptographically secure?

Question

How good are algorithms used in Javascript Math.random() in different browsers? Is it okay to use it for generating salts and one-time passwords?

How ma

Answer 1

Math.random() is not cryptographically secure. Also Veracode will point this occurrence with

CWE-331 (Insufficient Entropy)

We could make use of SecureRandom to implement similar functionality.

new SecureRandom().nextDouble();