WebApp Sec mailing list archives
Re: Sequence Identification Routines?
From: Charlie Root <weedpower () home ro>
Date: Mon, 09 Dec 2002 20:06:03 +0200
Nick Jacobsen wrote:
I don't know if this might help but I've recently came across a similar web app (it was used to generate the confirmation code for subscribing to a e-zine) and they used an encrypted string (containing something like: subscribe:user_email () mail com)... Now I don't know any encription method that would generate 5 character verification string... yet sometimes putting a string into john might give some surprising resultsI was hoping one of you might have some input here... I am black box testing a web app that generates a 5 character (letter and number only, lowercase) verification string, that it then emails to the email address on file, and then the receiver has to type it in to continue with his registration... now, I am looking for some sort of programming routines, snippets, or programs, that will look at a set of say, a 1000, numbers, and tell me if there is any sensible pattern, off which to predict the next 5 character string in the sequence. Any suggestions welcome! Thanks, Nick Jacobsen Ethics Design nick () ethicsdesign com
Current thread:
- Sequence Identification Routines? Nick Jacobsen (Dec 09)
- Re: Sequence Identification Routines? Charlie Root (Dec 09)
- Re: Sequence Identification Routines? Jeff Williams @ Aspect (Dec 09)
- RE: Sequence Identification Routines? Tony Welsh (Dec 09)
- Re: Sequence Identification Routines? maddany (Dec 09)
- <Possible follow-ups>
- RE: Sequence Identification Routines? Dawes, Rogan (ZA - Johannesburg) (Dec 10)
- RE: Sequence Identification Routines? securityarchitect (Dec 10)