
The criteria for calling a RNG "cryptographically secure" are incompatible with the game design goals here.

The game needs a RNG that's stable when seeded, for reproducible runs. I look for the same kind of qualities when doing generative art.

In comparison, a CSPRNG should be safe from oracle attacks, which is essentially the opposite goal.

CSPRNGs are absolutely seedable deterministic functions that will result in entirely reproducible runs.

The only difference is that if you don't know the seed it is computationally difficult to predict the next value given the previous ones. But that's not something any game dev is ever going to want to do (or waste time trying to do).


In contrast, OS CSPRNG APIs usually only provide access to a CSPRNG that the OS seeds on its own, in some way not fully controllable by the user. E.g. using fast key erasure & hashing in data from a hardware entropy pool.

I would expect all RNG algorithms to be deterministic and stable with their seed, but the cryptographically secure ones to have some additional properties like making it unfeasible to reverse the seed from the output, having a very long period or strong guarantees on the distribution of the output. It's just that using a 'secure' algorithm is often overkill for a game when you don't really need those extra guarantees.

> It's just that using a 'secure' algorithm is often overkill for a game when you don't really need those extra guarantees.

It's not overkill here, because this is a turn-based game. The additional cost of using high-quality randomness instead of World's Worst "Randomness" will never even be noticed; I would have expected a CSPRNG to be the default approach.

That said, it is true that while the C# standard library provides a CSPRNG alongside its terrible PRNG, it won't let you seed the CSPRNG. So even if you know what the right thing to do is, Microsoft doesn't want you to do it.


Can you describe what you mean by "oracle attack" here? CSPRNG APIs (at least the ones I've used) usually expose ways to set a specific seed and serialize the RNG state. In fact, arguably the simplest possible CSPRNG, where you just run a (suitably strong) block cipher in counter mode, would seem to meet the requirements for game dev in a straightforward manner.
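The two points made above, that a CSPRNG is a seedable deterministic function and that the simplest one is a strong block cipher run in counter mode, can be shown together in code. The following is an added example, not code posted by any commenter here and not the game's own RNG: AES-256 in counter mode, keyed from a seed, with the full generator state (key plus block counter) exposed so a run can be serialized and resumed at the same point. The type and function names (`SeededRNG`, `Restore`, `Intn`, `Shuffle`) are my own, and hashing the seed bytes with SHA-256 to get a fixed-size key is an assumption about how a game would turn a seed string into key material.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SeededRNG is a deterministic CSPRNG: AES-256 encrypting an incrementing
// counter block. The pair (key, counter) is the complete generator state, so
// two instances with equal state produce identical output streams.
// Anyone who holds the seed can reproduce the stream; that is the intended
// trade-off for reproducible runs.
type SeededRNG struct {
	block   cipher.Block
	key     [32]byte
	counter uint64 // number of 16-byte blocks consumed so far
}

// Restore rebuilds a generator from serialized state (key, counter).
func Restore(key [32]byte, counter uint64) (*SeededRNG, error) {
	block, err := aes.NewCipher(key[:]) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return &SeededRNG{block: block, key: key, counter: counter}, nil
}

// NewSeededRNG derives the AES key from an arbitrary seed (assumption: SHA-256
// of the seed bytes) and starts the counter at zero.
func NewSeededRNG(seed []byte) (*SeededRNG, error) {
	return Restore(sha256.Sum256(seed), 0)
}

// State returns the serializable generator state.
func (r *SeededRNG) State() ([32]byte, uint64) {
	return r.key, r.counter
}

// nextBlock encrypts the current counter block (nonce = 0, counter in the
// low 64 bits, big-endian) and advances the counter.
func (r *SeededRNG) nextBlock() [16]byte {
	var in, out [16]byte
	binary.BigEndian.PutUint64(in[8:], r.counter)
	r.block.Encrypt(out[:], in[:])
	r.counter++
	return out
}

// Uint64 returns the next 64 bits of keystream.
func (r *SeededRNG) Uint64() uint64 {
	b := r.nextBlock()
	return binary.BigEndian.Uint64(b[:8])
}

// Intn returns a uniform value in [0, n). Rejection sampling avoids the
// modulo bias that `Uint64() % n` would introduce for n not dividing 2^64.
func (r *SeededRNG) Intn(n uint64) uint64 {
	if n == 0 {
		panic("Intn: n must be > 0")
	}
	// limit is the largest multiple of n that fits in a uint64; values at or
	// above it are discarded so every residue class is equally likely.
	limit := ^uint64(0) - (^uint64(0) % n)
	for {
		v := r.Uint64()
		if v < limit {
			return v % n
		}
	}
}

// Shuffle performs an in-place Fisher-Yates shuffle driven by the generator,
// so the same seed always yields the same permutation.
func (r *SeededRNG) Shuffle(deck []string) {
	for i := len(deck) - 1; i > 0; i-- {
		j := int(r.Intn(uint64(i + 1)))
		deck[i], deck[j] = deck[j], deck[i]
	}
}

func main() {
	// Constructed seed: in a game this would be the run's seed string.
	a, _ := NewSeededRNG([]byte("run-42"))
	b, _ := NewSeededRNG([]byte("run-42"))
	fmt.Println("same seed, same first value:", a.Uint64() == b.Uint64())

	// Save state mid-run and resume from it.
	key, ctr := a.State()
	resumed, _ := Restore(key, ctr)
	fmt.Println("resumed matches original:", a.Uint64() == resumed.Uint64())

	deck := []string{"A", "B", "C", "D", "E"}
	a.Shuffle(deck)
	fmt.Println("shuffled deck:", deck)
}
```

Reproducibility here depends only on (seed, counter) and on the consuming code drawing values in a fixed order; changing how many values a game step consumes changes every later outcome, which is the same constraint a non-cryptographic seeded PRNG has.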


