WebApp Sec mailing list archives
Re: Sequence Identification Routines?
From: "maddany" <maddany () madchat org>
Date: Mon, 9 Dec 2002 22:27:36 +0100
This is a field I am currently investigating for my studies (the prediction of random sequences).

If what you want is just to exhibit a pattern, you should look at the delayed coordinates method as explained in Michael Zalewski's paper "Strange Attractors and TCP/IP Sequence Number Analysis" and in Richard Bowman's "Evaluating pseudo-random number generators". This method provides a general way to show the underlying structure of a PRNG. Richard Bowman also discusses other ways to analyze the output of a PRNG in the paper I mentioned; I think it's worth looking at.

If what you actually want to do is to predict the output of the PRNG, then you should look at Zalewski's paper. "Using the general next bit predictor like an evaluation criteria" by Hernandez, Sierra, Perera, Borrajo, Ribagorda and Isasi might also be of some interest to you.

And finally, if you know that the PRNG is a linear congruential one, you should look at "Inferring sequences produced by pseudo-random number generators" by Joan Boyar.

I am also interested if some of you out there know some other resources.

Best regards,
maddany

----- Original Message -----
From: "Nick Jacobsen" <nick () ethicsdesign com>
To: <webappsec () securityfocus com>
Sent: Monday, December 09, 2002 9:51 AM
Subject: Sequence Identification Routines?
I was hoping one of you might have some input here... I am black box testing a web app that generates a 5 character (letter and number only, lowercase) verification string, that it then emails to the email address on file, and then the receiver has to type it in to continue with his registration... now, I am looking for some sort of programming routines, snippets, or programs, that will look at a set of say, a 1000, numbers, and tell me if there is any sensible pattern, off which to predict the next 5 character string in the sequence.

Any suggestions welcome!

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com
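
The delayed coordinates method named in the reply, applied to 5-character base-36 tokens as an added example (not code from the thread or from the cited papers). The grid-occupancy score, the two constructed sample generators and all function names are assumptions made for illustration.

```python
import secrets

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"  # digits and lowercase letters
TOKEN_LEN = 5
MODULUS = len(ALPHABET) ** TOKEN_LEN               # 36**5 possible tokens

def decode(token):
    """Read a 5-character token as a base-36 integer."""
    return int(token, 36)

def encode(value):
    """Inverse of decode(); used only to build the constructed samples."""
    chars = []
    for _ in range(TOKEN_LEN):
        value, digit = divmod(value, 36)
        chars.append(ALPHABET[digit])
    return "".join(reversed(chars))

def delayed_coordinates(tokens):
    """Map the sequence to 3-D points (d[n], d[n-1], d[n-2]) of successive differences."""
    seq = [decode(t) for t in tokens]
    diffs = [b - a for a, b in zip(seq, seq[1:])]
    return list(zip(diffs[2:], diffs[1:], diffs))

def occupied_cells(tokens, bins=8):
    """Count cells of a bins^3 grid over [-MODULUS, MODULUS)^3 that contain a point.
    Independent tokens spread over many cells; a structured generator collapses
    onto a few of them (the 'attractor' seen in the plots)."""
    width = 2 * MODULUS / bins
    cell = lambda d: min(int((d + MODULUS) / width), bins - 1)
    return len({(cell(x), cell(y), cell(z)) for x, y, z in delayed_coordinates(tokens)})

def weak_sample(n=1000):
    """Constructed flawed generator: previous value plus a roughly constant step."""
    value, out = 1000, []
    for _ in range(n):
        value = (value + 700_000 + secrets.randbelow(60_000)) % MODULUS
        out.append(encode(value))
    return out

def reference_sample(n=1000):
    """Constructed reference: each token drawn independently from the OS CSPRNG."""
    return [encode(secrets.randbelow(MODULUS)) for _ in range(n)]

if __name__ == "__main__":
    print("weak generator, occupied cells:     ", occupied_cells(weak_sample()))
    print("reference generator, occupied cells:", occupied_cells(reference_sample()))
```

A sample collected from the application under test can be passed to `occupied_cells` in place of the constructed lists; a count far below the reference indicates structure worth examining with the papers cited above.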