Ben Laurie writes: > Oh, and I should say that number of ports and standard deviation are not > a GREAT way to test for "randomness". For example, the sequence 1000, > 2000, ..., 27000 has 27 ports and a standard deviation of over 7500, > which looks pretty GREAT to me. But not very "random".
That's a good point, Ben. Dan Kaminsky's DNS tester at http://www.doxpara.com/ does include output like this: Your name server, at 1.2.3.4, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...). Requests seen for dae687514c50.doxdns5.com: 1.2.3.4:34023 TXID=64660 1.2.3.4:50662 TXID=51678 1.2.3.4:55984 TXID=49711 1.2.3.4:17745 TXID=12263 1.2.3.4:26318 TXID=59610 This shows only the last 5 ports so it won't detect an LCG, but at least it can detect some of the more obvious patterns. Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]