Comment On Securely Random Strings

protected String getPostComment()

{

    String uncleanCommentString = System.Web.Security.Membership.GeneratePassword(10, 0);

    uncleanCommentString = uncleanCommentString.Replace("FRIST", ":)");

    uncleanCommentString = uncleanCommentString.Replace("The real WTF...", ":)");

    uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");

    uncleanCommentString = uncleanCommentString.Replace("Paula Bean", ":)");

    uncleanCommentString = uncleanCommentString.Replace("The goggles!!", ":)");

    return uncleanCommentString;

}

First to say First.

ParkinT:

    uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");

You had to remind me of her didn't you. After she had my baby and ran off with Mr. Viagra I haven't seen her since.

Leper! Outcast! Unclean!

However, as a WTF this one really isn't so awful. GeneratePassword uses decent randomness, and stripping out non-alphas is OK for a URL.

I see the WTF, they should have used a regexp.

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

What have you done with 98?

Random? Check.

Clean? Oh ...


Nothing to do with Shanghai girls, then ...

Is the WTF that he returns an "uncleanRandomString" instead of a clean one?

Why not just use /dev/random?

That's what it's there for.

When selecting trim, randomness is the most desired trait. Cleanliness is the second.

The idea is not so horrible. Chances are low, but this definitely increased the possibility of generating two identical random strings.

But you weren't looking for ASCII conversion, you were looking for HttpServerUtility.UrlEncode(str), isn't it?

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

You aren't looking hard enough. This may require a special keyboard. You may have to spell the numbers out. Be a problem solver man.

protected String getRanString()
{
// Random string generated by a fair pick of scrabble letters for a bag
return "Brillant";
}

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

What?!? Don't you remember the song:

A B C D 1 2 3 E F G H 4 5 6 7 8...

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

But 'a' and 'z' ARE numbers...

#include <stdio.h>

int main() {

    int i;

    for (i = 'a'; i <= 'z'; i++) {

        printf("%i\n",i);

    }

    return 0;

}

public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)

protected String getRanString()
{
return GeneratePassword(10,0);
}

The remaining code is useless because the 2nd argument asks for zero punctuation characters.

Noone's posted "Frist" as parsed by that encoder?

I am disappoint.

sagaciter:

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

But 'a' and 'z' ARE numbers...

#include <stdio.h>

int main() {

    int i;

    for (i = 'a'; i <= 'z'; i++) {

        printf("%i\n",i);

    }

    return 0;

}

*woosh* <-- joke
O
\|/
| <-- you
/ \

Lockwood:

Noone's posted "Frist" as parsed by that encoder?

I am disappoint.

There is no "s" on that list. I suppose 1 could go "}]^-?"

I can see 'i' and 'e', but then I'm irrational

Wondering how the creator of this mess decided on which characters to substitute for the "bad" chars. "a" appears twice, there are some letters and some numbers. It would seem that the easiest options are to either replace everything with the same letter, or replace !->a, @->b, #->c, etc.

Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

You mean he meant that the original creator of that code probably didn't know that?

Well, that was funny.

Roby McAndrew:

I can see 'i' and 'e', but then I'm irrational

And imaginative.

RichP:

Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

Assuming what someone else said is true then most definitely not or he would have realised that no non-alphnumerics were getting generated anyway...

Hmmmm:

Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM

obligatory xkcd:

http://xkcd.com/221/

Hmmmm:

Hmmmm:

Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM

^^ is correct. I misunderstood/misread the MSDN documentation.

Hmmmm:

Hmmmm:

Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM

from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

public static string GeneratePassword(
int length,
int numberOfNonAlphanumericCharacters
)

...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)

Guids, man. Pork of the future.

"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

Mason Wheeler:

"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

ACK and you say receive:
System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

Translate to Hebrew. But your rabbi is out of town. Now what do you do?

troll2:

Mason Wheeler:

"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

ACK and you say receive:
System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

Com.Innotech.corporation.We.Build.The.Future.TM.System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.

Code Challenge:
The shortest legible password generator that considers the following:
- Alpha only, or alpha numeric, or alpha-num + symbols
- Miminum and maximum length can be specified
- Minimum/maximum length of any group (alpha, num etc.) can be specified.
- Sufficiently random

Bonus points:
- No dictionary words from lang of choice
- Uniformly distributed over possible set of characters
And....
GO

#!/usr/bin/perl
sub GenPW{print "Go ask your mom\n";}
1;

harperska:

obligatory xkcd:

http://xkcd.com/221/

First thing that came to my mind as well ...

What? Didn't he know you should do it all in one line?

String uncleanRandomString = System.Web.Security.Membership.GeneratePassword(10, 0).Replace("!", "a").Replace("@", "2").Replace("#", "c").Replace("$", "4").Replace("%", "3").Replace("^", "i").Replace("&", "a").Replace("*", "9").Replace("(", "g").Replace(")", "m").Replace("_", "d").Replace("-", "5").Replace("+", "p").Replace("=", "q").Replace("[", "w").Replace("{", "t").Replace("]", "r").Replace("}", "f").Replace(";", "8").Replace(":", "z").Replace("<", "x").Replace(">", "0").Replace("|", "v").Replace(".", "b").Replace("/", "y").Replace("?", "t");

Joe:

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.

There are no numbers between a and z on a dvorak keyboard. Just 'aoeuidhtns-' on the home row and 'zvwmbxkjq;' (right to left) on the bottom one. The closest you get is a dash or a semicolon.

There are plenty of numbers between 'a' and 'z':

perl -e '$X="a";while ($X le "z"){print $X++;}'
abcdefghijklmnopqrstuvwxyz

Foo Bar:

Leper! Outcast! Unclean!

Thomas Covenant. Classy :).

Ran string is string that constantly runs through memory invalidating its pointer.

wonk:

Roby McAndrew:

I can see 'i' and 'e', but then I'm irrational

And imaginative.

This is why I come to this forum. Nicely done!

At least the implementation is encapsulated in its own method and can easily be refactored. That's of far more value than the WTFish implementation.

the beholder:

vahokif:

Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

I can't find any numbers between 'a' and 'z'. Now what?

I see i, v, x, l, c, d, and m.

You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.

Roby McAndrew:

I can see 'i' and 'e', but then I'm irrational

Very witty, sir.

But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

Jay:

Roby McAndrew:

I can see 'i' and 'e', but then I'm irrational

Very witty, sir.

But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

I'll add pendantary to your pendantary.
He did not say the numbers were irrational, only that he was, for picking non-rational numbers.

KattMan:

Jay:

Roby McAndrew:

I can see 'i' and 'e', but then I'm irrational

Very flitty, sir.

But I just have to be pedantic and point out that my dick is not irrational: it is imaginary. Just close your eyes and this will be over soon.

I'll add pendantary to your pederasty. That's nasty!
He did not say the numbers were irrational, only that he was, for picking non-rational numbers.

Ah, wait! He didn't say he picked them because he was irrational, even though he may have implied it.