This is a field I am currently investigating for my studies (the prediction
of random sequences). If what you want is just to exhibit a pattern, you
should look at the delayed coordinates method as explained in Michael
Zalewski's paper "Strange Attractors and TCP/IP Sequence Number Analysis"
and in Richard Bowman's "Evaluating pseudo-random number generators". This
method provides a general way to show the underlying structure of a PRNG.
Richard Bowman also discusses other ways to analyze the output of a PRNG in
the paper I mentionned, I think it's worth looking at.

If what you actually want to do is to predict the output of the PRNG, then
you should look at Zalewski's paper. "Using the general next bit predictor
like an evaluation criteria" by Hernandez, Sierra, Perera, Borrajo,
Ribagorda and Isasi might also be of some interest to you. And finally, if
you know that the PRNG is a linear congruential one, you should look at
"Inferring sequences produced by pseudo-random number generators" by Joan
Boyar.

I am also interested if some of you out there know some other resources.

Best regards,

maddany

----- Original Message -----
From: "Nick Jacobsen" <nickethicsdesign.com>
To: <webappsecsecurityfocus.com>
Sent: Monday, December 09, 2002 9:51 AM
Subject: Sequence Identification Routines?

> I was hoping one of you might have some input here... I am black box
> testing a web app that generates a 5 character (letter and number only,
> lowercase) verification string, that it then emails to the email address
on
> file, and then the receiver has to type it in to continue with his
> registration... now, I am looking for some sort of programming routines,
> snippets, or programs, that will look at a set of say, a 1000, numbers,
and
> tell me if there is any sensible pattern, off which to predict the next 5
> character string in the sequence. Any suggestions welcome!
>
> Thanks,
> Nick Jacobsen
> Ethics Design
> nickethicsdesign.com
>
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]