The application that Sam F helps support acts as a sort of "parallel data entry" platform. Users from different parts of the world aggregate and enter all sorts of data from different sources. Duplicate data entry was fairly commonplace, but it was rarely a problem that running a few complicated scripts couldn't clean up later. And therein laid the problem: "later" sometimes meant days or weeks.

In an attempt to deliver more accurate data sooner, Sam's colleague was tasked with hashing the data upon entry and using it as a sort of "instant" comparison. The fix seemed to help: users were warned about duplicate data, and management was satisfied with the reduction in duplicate data.

Fast forward a few months, and Sam wanted to use the hashing logic for a similar problem. After poking around for a bit in the backend code, Sam had no luck finding anything. But then he did a project-wide search and found that the hash function was implemented client side with Javascript.

But the pain didn't end there. Sam first saw that createHash wasn't called with arguments, which was odd. He then looked up the method definition and wanted to scratch his eyes out.

function createHash() {
  var var1 = Math.floor(9999999999999 * (Math.random() % 1));
  var var2 = Math.floor(9999999999999 * (Math.random() % 1));
  var var3 = Math.floor(9999999999999 * (Math.random() % 1));


  var hash = var1.toString(16) 
           + var2.toString(16) 
           + var3.toString(16) 

 return hash;
}

Sam wondered how the code ever made it past testing... but then he remembered the overall standard for QA in his organization. As tempted as he was to use the nondeterministic hash, he just implemented a quick SHA-1.