WebApp Sec mailing list archives
RE: Sequence Identification Routines?
From: "Tony Welsh" <lists () evolvedcode net>
Date: Mon, 9 Dec 2002 20:18:11 -0000
Nick, Might be off on a tangent to what you are looking for but there are a batch of tests called "DieHard" which are widely touted to be able to analyse PRNGs - assuming the code is random and not a checksum they may be some help in working to identify the type of sequence or engine in use; http://stat.fsu.edu/~geo/ Be warned that although I have managed to get the code running in the past I seem to remember it taking a bit of effort... That said though I'm sure a quick google might turn up some modern variants. Regards Tony -----Original Message----- From: Nick Jacobsen [mailto:nick () ethicsdesign com] Sent: 09 December 2002 08:52 To: webappsec () securityfocus com Subject: Sequence Identification Routines? I was hoping one of you might have some input here... I am black box testing a web app that generates a 5 character (letter and number only, lowercase) verification string, that it then emails to the email address on file, and then the receiver has to type it in to continue with his registration... now, I am looking for some sort of programming routines, snippets, or programs, that will look at a set of say, a 1000, numbers, and tell me if there is any sensible pattern, off which to predict the next 5 character string in the sequence. Any suggestions welcome! Thanks, Nick Jacobsen Ethics Design nick () ethicsdesign com
Current thread:
- Sequence Identification Routines? Nick Jacobsen (Dec 09)
- Re: Sequence Identification Routines? Charlie Root (Dec 09)
- Re: Sequence Identification Routines? Jeff Williams @ Aspect (Dec 09)
- RE: Sequence Identification Routines? Tony Welsh (Dec 09)
- Re: Sequence Identification Routines? maddany (Dec 09)
- <Possible follow-ups>
- RE: Sequence Identification Routines? Dawes, Rogan (ZA - Johannesburg) (Dec 10)
- RE: Sequence Identification Routines? securityarchitect (Dec 10)