| /* | |
| XoroshiroNOT PRELIMINARY BETA RELEASE v0.10 (for testing only, as defects unknown to the author may exist, thus all below claims must be independently verified). | |
| XoroshiroNOT Pseudo-Random Number Generator, © Christopher Rutz, All Rights Reserved. Contact information below. | |
| XoroshiroNOT is an extrapolation of xoroshiro++, by S. Vigna and D. Blackman. | |
| XoroshiroNOT may also be referred to as Xoroshiro++- or Xoroshiroppm. | |
| XoroshiroNOT purports to improve upon their work by over-provisioning the underlying xoroshiro state by 50% and flipping the rotate/shift direction, thus providing these many features and characteristics: | |
| 1. Near-ideal pseudo randomness within a given period that is (perhaps uniquely) explicitly defined by, but greater than that inherent in, the underlying (xoroshiro) base generator randomness and period: | |
| A. Randomness period = wordsize^2 - 1, which is easily testable with 8-bit byte and 16-bit word size versions. | |
| B. 16-bit word, 32-bit dword and 64-bit qword versions pass TestU01 BigCr |
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.