On Mar 23, 2018, at 6:31 PM, Coda Highland <chighland@gmail.com> wrote:> if you see the least significant bit of 128 consecutive calls to > math.random, then you can predict the least significant bit of every > call from there on out. --- I think above statement is only half-right. Above statement is true ONLY if we already solved the 128 coefficient of LSFR.
To solve for the coefficients, we need 256 calls. -> 128 equations with 128 unknown (coefficient) http://practicalcryptography.com/cryptanalysis/modern-cryptanalysis/lfsrs-and-berlekampmassey-algorithm/ | 
