WebApp Sec mailing list archives

RE: Sequence Identification Routines?


From: "Tony Welsh" <lists () evolvedcode net>
Date: Mon, 9 Dec 2002 20:18:11 -0000

Nick,

Might be off on a tangent to what you are looking for but there are a
batch of tests called "DieHard" which are widely touted to be able to
analyse PRNGs - assuming the code is random and not a checksum they may
be some help in working to identify the type of sequence or engine in
use;

http://stat.fsu.edu/~geo/

Be warned that although I have managed to get the code running in the
past I seem to remember it taking a bit of effort...  That said though
I'm sure a quick google might turn up some modern variants.

Regards
Tony

-----Original Message-----
From: Nick Jacobsen [mailto:nick () ethicsdesign com] 
Sent: 09 December 2002 08:52
To: webappsec () securityfocus com
Subject: Sequence Identification Routines?


I was hoping one of you might have some input here...  I am black box
testing a web app that generates a 5 character (letter and number only,
lowercase) verification string, that it then emails to the email address
on file, and then the receiver has to type it in to continue with his
registration...  now, I am looking for some sort of programming
routines, snippets, or programs, that will look at a set of, say, 1000
numbers, and tell me if there is any sensible pattern, off which to
predict the next 5 character string in the sequence.  Any suggestions
welcome!

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com
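
Added example, not part of either message above: a small Python routine of the kind the thread asks about, for checking a sample of 5-character lowercase alphanumeric codes for obvious structure before trusting the generator. It is far lighter than the DieHard battery; all function names, thresholds and both samples are assumptions constructed for illustration.

```python
import math, random
from collections import Counter

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"  # digits + lowercase, as in the thread
SPACE = 36 ** 5                                    # number of possible 5-character codes

def encode(n):
    """Integer -> 5-character base-36 code."""
    out = ""
    for _ in range(5):
        n, r = divmod(n, 36)
        out = ALPHABET[r] + out
    return out

def chi_square(tokens):
    """Pearson chi-square of character counts against a uniform 36-symbol alphabet."""
    counts = Counter("".join(tokens))
    expected = sum(counts.values()) / len(ALPHABET)
    return sum((counts[c] - expected) ** 2 / expected for c in ALPHABET)

def serial_correlation(values):
    """Lag-1 correlation between each code and the next, as integers."""
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values)
    cov = sum((a - mean) * (b - mean) for a, b in zip(values, values[1:]))
    return cov / var if var else 1.0

def top_delta_share(values):
    """Share of consecutive differences (mod SPACE) held by the most common one."""
    deltas = Counter((b - a) % SPACE for a, b in zip(values, values[1:]))
    return deltas.most_common(1)[0][1] / (len(values) - 1)

def assess(tokens):
    """Return findings; an empty list means these three checks saw no pattern."""
    values = [int(t, 36) for t in tokens]
    findings = []
    if chi_square(tokens) > 66.6:            # 35 degrees of freedom, p < 0.001
        findings.append("character frequencies are not uniform")
    if abs(serial_correlation(values)) > 4 / math.sqrt(len(values)):
        findings.append("consecutive tokens are correlated")
    if top_delta_share(values) > 0.05:
        findings.append("a constant step between tokens dominates")
    return findings

# Constructed samples of 1000 codes each (not data from any real application).
_rng = random.Random(2002)  # seeded stand-in for uniform output, repeatable runs
UNIFORM_SAMPLE = [encode(_rng.randrange(SPACE)) for _ in range(1000)]
COUNTER_SAMPLE = [encode((12345 + i * 104729) % SPACE) for i in range(1000)]

if __name__ == "__main__":
    for name, sample in (("uniform", UNIFORM_SAMPLE), ("counter", COUNTER_SAMPLE)):
        print(name, assess(sample) or "no pattern found")
```

An empty result only means these three checks found nothing; it does not show that the generator is unpredictable.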



