JS’s Math.random is not a system (or CS) RNG, and a few years back it was barely an RNG at all: https://medium.com/@betable/tifu-by-using-math-random-f1c308...

So no, Math.random is very much not

> as reliable a source of randomness as the system

that's horrifying. I do slightly disagree with the final thoughts and works say that one of the xoshiro 256 generators is probably better than the 1024 ones. 256 bits of state is plenty to give you a longer cycle length than you will ever need (even considering birthday paradox) and the reduced state means it fits in a single cache line

After the linked article as well as https://jandemooij.nl/blog/math-random-and-32-bit-precision/ which follows from it, the main three browsers (Chrome[0], Firefox[1], Safari[2]) actually switched to Xorshift128+. So these days Math.random is nowhere near as horrifying as it was back then, however it's still not a system or a userland CSPRNG, for that you need `crypto.getRandomValues()` (https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getR...).

[0] https://v8.dev/blog/math-random

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=322529#c99

[2] https://bugs.webkit.org/show_bug.cgi?id=151641