On Tue, 6 Feb 2007, Amit Klein wrote: > I don't think that the method described in the paper you referenced > above is applicable as-is [...] (only 32 bits out of the 48 are known). There are attacks published for just about any variant of LCG imaginable, including ones with missing MSB/LSB output bits, etc. But I had a chance to talk to David Litchfield and Chris Anley off the list, and they do use an algorithmic approach, not brute force - that was simply a poor choice of words. /mz
