Now, if the number changes every minute, that's a little over 10,000 samples in a week, certainly enough to determine if they are using weak random number generation.
1) not true. I read an article about a pseudorandom number generator which appeared random to every test they used on it. Then they went and did a monte carlo simulation of something based on that prng. Guess what? It wasn't quite random enough. Lesson: it can be *very* hard to determine randomness. 2) The sequence is not random. It is cryptographically pseudorandom. This is very different. 3) A friend who has a significant math background in crypto stuff has seen the Security Dynamics algorithms (under non-disclosure), and says that they're credible. That vouches for their theory. That they insist on programming the cards and keeping the keys themselves, and that they do not allow you to program the cards yourself, is a major problem, no matter how good their math is. Marc