Please use a cryptographically secure random number generator when rolling dice (or other random number generation). The pseudo-random number generators that are the default do not produce very random results.
With a little bit of work, one can figure out the pseudo-random number generator seed and then predict the next dice rolls. Once could then just hit the roll dice button until they know that the next dice roll will be good enough for what they need.
It's all running client-side. If you want to, you can just inject some javascript, and it'll report whatever rolls you want. A cryptographically secure RNG could have its internal state inspected.
There is no security.
Nor does there need to be. D&D dice rolling is not a high-security activity. The fact that it's all client side means it still works even if there's a networking problem, and that's way more important for real play.
The solution to "people can cheat" is "don't play with people who'd cheat". That is the way it's always been. It's hard enough for normal people to cheat that there's no temptation, and that's plenty.
Also, while I have done no actual digging into how it works, with both a PRNG (I assume it's the javascript default, which is Mersenne Twister IIRC) and a physics model involved, I think you're understating the "little bit of work" required.
So, the cheating point isn't valid, but the pseudo-random number generator doesn't produce good results.
A cryptographic random number generator doesn't use a server. It is all local. This generator is used whenever the browser makes a connection to a server. In other words, the browser uses it a lot.
I'm simply asking for an enhancement to the random number generation.
Now: Something weird is going on with the formatting of my message. Sorry for the mess.
So, the cheating point isn't valid, but the pseudo-random number generator doesn't produce good results.
A cryptographic random number generator doesn't use a server. It is all local. This generator is used whenever the browser makes a connection to a server. In other words, the browser uses it a lot.
I'm simply asking for an enhancement to the random number generation.
Now: Something weird is going on with the formatting of my message. Sorry for the mess.
Have you had an experience that has led you to believe that the current pRNG system isn't adequately random fort the purpose of playing D&D?
Please use a cryptographically secure random number generator when rolling dice (or other random number generation). The pseudo-random number generators that are the default do not produce very random results.
With a little bit of work, one can figure out the pseudo-random number generator seed and then predict the next dice rolls. Once could then just hit the roll dice button until they know that the next dice roll will be good enough for what they need.
It's all running client-side. If you want to, you can just inject some javascript, and it'll report whatever rolls you want. A cryptographically secure RNG could have its internal state inspected.
There is no security.
Nor does there need to be. D&D dice rolling is not a high-security activity. The fact that it's all client side means it still works even if there's a networking problem, and that's way more important for real play.
The solution to "people can cheat" is "don't play with people who'd cheat". That is the way it's always been. It's hard enough for normal people to cheat that there's no temptation, and that's plenty.
Also, while I have done no actual digging into how it works, with both a PRNG (I assume it's the javascript default, which is Mersenne Twister IIRC) and a physics model involved, I think you're understating the "little bit of work" required.
So, the cheating point isn't valid, but the pseudo-random number generator doesn't produce good results.
A cryptographic random number generator doesn't use a server. It is all local. This generator is used whenever the browser makes a connection to a server. In other words, the browser uses it a lot.
I'm simply asking for an enhancement to the random number generation.
Now: Something weird is going on with the formatting of my message. Sorry for the mess.
Have you had an experience that has led you to believe that the current pRNG system isn't adequately random fort the purpose of playing D&D?
Find my D&D Beyond articles here