Joe Rhett (jrhett@Navigist.Com)
Fri, 10 Jul 1998 15:49:44 -0700 (PDT)
> Suggestion for a random number generator:
>
> Take the current timestamp (including seconds) and feed it into a search
> engine (lycos or altavista would probably work best).
Slow. Subject to denial of service attacks by RST packets with forged
IP, nevermind more creative stuff.
> Take the (more-or-less random) results and hash the results pages in some
> fashion (the actual raw html) to get bits.
So I pull up an Altavista results page and get a guaranteed format for x
many bits, followed by "randomness" (limited about 100 characters
actually) in small blocks surrounded by known plaintext.
It really wouldn't be difficult to spend an hour or two, and come up
with a very limited range of numbers that could be generated from this.
..especially that determining timestamps is so easy, you can prefetch
the same data and attack a very limited space.
-- Joe Rhett Systems Engineer JRhett@Navigist.Com NavigistPGP keys and contact information: http://www.navigist.com/Staff/JRhett
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:16 ADT