V8 uses a linear PRNG, depending on the precision of system time fed, V8 is vulnerable to the same attacks PHP was regarding a weak seed: it could be derived through a brute force search or by reversing the outputs. Given that now that time stamps in browsers use reduced precision, it could be argued that using math.random, V8 is still vulnerable to spectre Never mind that this bug report was closed as working as intended long ago: https://bugs.chromium.org/p/v8/issues/detail?id=2905 Personally I think a reduced round cryptographic function in OFB or something similar would be best. Sent from ProtonMail Mobile