Comment On Securely Random Strings

"Working through a pretty ugly project, I came across this C# beauty," Matt B writes, "at first, I was unsure of what it did. I was utterly perplexed until I took a second look at the function name. " [expand full text]
« PrevPage 1 | Page 2Next »

Re: Securely Random Strings

2012-04-12 08:24 • by ParkinT

protected String getPostComment()
{
String uncleanCommentString = System.Web.Security.Membership.GeneratePassword(10, 0);
uncleanCommentString = uncleanCommentString.Replace("FRIST", ":)");
uncleanCommentString = uncleanCommentString.Replace("The real WTF...", ":)");
uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");
uncleanCommentString = uncleanCommentString.Replace("Paula Bean", ":)");
uncleanCommentString = uncleanCommentString.Replace("The goggles!!", ":)");
return uncleanCommentString;
}

Re: Securely Random Strings

2012-04-12 09:08 • by ME (unregistered)
First to say First.

Re: Securely Random Strings

2012-04-12 09:10 • by KattMan
378998 in reply to 378995
ParkinT:

uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");

You had to remind me of her didn't you. After she had my baby and ran off with Mr. Viagra I haven't seen her since.

Re: Securely Random Strings

2012-04-12 09:15 • by Foo Bar (unregistered)
Leper! Outcast! Unclean!

However, as a WTF this one really isn't so awful. GeneratePassword uses decent randomness, and stripping out non-alphas is OK for a URL.

Re: Securely Random Strings

2012-04-12 09:17 • by Warren (unregistered)
I see the WTF, they should have used a regexp.

Re: Securely Random Strings

2012-04-12 09:20 • by vahokif (unregistered)
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

Re: Securely Random Strings

2012-04-12 09:26 • by the beholder (unregistered)
379002 in reply to 379001
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?

Re: Securely Random Strings

2012-04-12 09:34 • by trtrwtf (unregistered)
379003 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?


What have you done with 98?

Re: Securely Random Strings

2012-04-12 09:36 • by oheso
Random? Check.

Clean? Oh ...


Nothing to do with Shanghai girls, then ...

Re: Securely Random Strings

2012-04-12 09:44 • by TheCEO (unregistered)
Is the WTF that he returns an "uncleanRandomString" instead of a clean one?

Re: Securely Random Strings

2012-04-12 09:44 • by Smug Unix User (unregistered)
Why not just use /dev/random?

That's what it's there for.

Re: Securely Random Strings

2012-04-12 09:45 • by Your Mom's FIshtank (unregistered)
When selecting trim, randomness is the most desired trait. Cleanliness is the second.

Re: Securely Random Strings

2012-04-12 09:47 • by TGV
The idea is not so horrible. Chances are low, but this definitely increased the possibility of generating two identical random strings.

But you weren't looking for ASCII conversion, you were looking for HttpServerUtility.UrlEncode(str), isn't it?

Re: Securely Random Strings

2012-04-12 09:47 • by PiisAWheeL
379009 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?
You aren't looking hard enough. This may require a special keyboard. You may have to spell the numbers out. Be a problem solver man.

Re: Securely Random Strings

2012-04-12 09:48 • by Anon (unregistered)
protected String getRanString()
{
// Random string generated by a fair pick of scrabble letters for a bag
return "Brillant";
}

Re: Securely Random Strings

2012-04-12 09:50 • by Anon (unregistered)
379011 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?


What?!? Don't you remember the song:
A B C D 1 2 3 E F G H 4 5 6 7 8...

Re: Securely Random Strings

2012-04-12 09:56 • by sagaciter (unregistered)
379014 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?

But 'a' and 'z' ARE numbers...

#include <stdio.h>

int main() {
int i;
for (i = 'a'; i <= 'z'; i++) {
printf("%i\n",i);
}
return 0;
}

Re: Securely Random Strings

2012-04-12 09:59 • by Anon (unregistered)
public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)

protected String getRanString()
{
return GeneratePassword(10,0);
}

The remaining code is useless because the 2nd argument asks for zero punctuation characters.

Re: Securely Random Strings

2012-04-12 10:03 • by Lockwood
Noone's posted "Frist" as parsed by that encoder?

I am disappoint.

Re: Securely Random Strings

2012-04-12 10:06 • by atk (unregistered)
379017 in reply to 379014
sagaciter:
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?

But 'a' and 'z' ARE numbers...

#include <stdio.h>

int main() {
int i;
for (i = 'a'; i <= 'z'; i++) {
printf("%i\n",i);
}
return 0;
}


*woosh* <-- joke
O
\|/
| <-- you
/ \

Re: Securely Random Strings

2012-04-12 10:12 • by PiisAWheeL
379019 in reply to 379016
Lockwood:
Noone's posted "Frist" as parsed by that encoder?

I am disappoint.
There is no "s" on that list. I suppose 1 could go "}]^-?"

Re: Securely Random Strings

2012-04-12 10:12 • by Roby McAndrew
379020 in reply to 379002
I can see 'i' and 'e', but then I'm irrational

Re: Securely Random Strings

2012-04-12 10:41 • by RichP
Wondering how the creator of this mess decided on which characters to substitute for the "bad" chars. "a" appears twice, there are some letters and some numbers. It would seem that the easiest options are to either replace everything with the same letter, or replace !->a, @->b, #->c, etc.

Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

Re: Securely Random Strings

2012-04-12 10:43 • by sagaciter (unregistered)
379023 in reply to 379017
You mean he meant that the original creator of that code probably didn't know that?

Well, that was funny.

Re: Securely Random Strings

2012-04-12 10:50 • by wonk (unregistered)
379024 in reply to 379020
Roby McAndrew:
I can see 'i' and 'e', but then I'm irrational

And imaginative.

Re: Securely Random Strings

2012-04-12 11:03 • by Hmmmm (unregistered)
379025 in reply to 379022
RichP:
Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

Assuming what someone else said is true then most definitely not or he would have realised that no non-alphnumerics were getting generated anyway...

Re: Securely Random Strings

2012-04-12 11:08 • by Hmmmm (unregistered)
379026 in reply to 379025
Hmmmm:
Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM

Re: Securely Random Strings

2012-04-12 11:22 • by harperska (unregistered)
obligatory xkcd:

http://xkcd.com/221/

Re: Securely Random Strings

2012-04-12 11:31 • by Anon (unregistered)
379029 in reply to 379026
Hmmmm:
Hmmmm:
Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM

^^ is correct. I misunderstood/misread the MSDN documentation.

Re: Securely Random Strings

2012-04-12 11:50 • by wibble factory (unregistered)
379030 in reply to 379026
Hmmmm:
Hmmmm:
Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

FTFM


from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

public static string GeneratePassword(
int length,
int numberOfNonAlphanumericCharacters
)

...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)

Re: Securely Random Strings

2012-04-12 12:11 • by Ananamas (unregistered)
Guids, man. Pork of the future.

Re: Securely Random Strings

2012-04-12 12:29 • by Mason Wheeler
"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

Re: Securely Random Strings

2012-04-12 12:37 • by troll2 (unregistered)
379034 in reply to 379032
Mason Wheeler:
"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?


ACK and you say receive:
System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

Re: Securely Random Strings

2012-04-12 12:54 • by operagost
379035 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?
Translate to Hebrew. But your rabbi is out of town. Now what do you do?

Re: Securely Random Strings

2012-04-12 12:54 • by Joe (unregistered)
379036 in reply to 379034
troll2:
Mason Wheeler:
"System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?


ACK and you say receive:
System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword


Com.Innotech.corporation.We.Build.The.Future.TM.System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

Re: Securely Random Strings

2012-04-12 13:02 • by Joe (unregistered)
379037 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?


You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.

Re: Securely Random Strings

2012-04-12 13:09 • by Coffee Hound (unregistered)
Code Challenge:
The shortest legible password generator that considers the following:
- Alpha only, or alpha numeric, or alpha-num + symbols
- Miminum and maximum length can be specified
- Minimum/maximum length of any group (alpha, num etc.) can be specified.
- Sufficiently random

Bonus points:
- No dictionary words from lang of choice
- Uniformly distributed over possible set of characters
And....
GO

Re: Securely Random Strings

2012-04-12 13:17 • by Larry (unregistered)
#!/usr/bin/perl
sub GenPW{print "Go ask your mom\n";}
1;

Re: Securely Random Strings

2012-04-12 13:18 • by RandomGuy (unregistered)
379040 in reply to 379028
harperska:
obligatory xkcd:

http://xkcd.com/221/


First thing that came to my mind as well ...

Re: Securely Random Strings

2012-04-12 13:33 • by Dave (unregistered)
What? Didn't he know you should do it all in one line?

String uncleanRandomString = System.Web.Security.Membership.GeneratePassword(10, 0).Replace("!", "a").Replace("@", "2").Replace("#", "c").Replace("$", "4").Replace("%", "3").Replace("^", "i").Replace("&", "a").Replace("*", "9").Replace("(", "g").Replace(")", "m").Replace("_", "d").Replace("-", "5").Replace("+", "p").Replace("=", "q").Replace("[", "w").Replace("{", "t").Replace("]", "r").Replace("}", "f").Replace(";", "8").Replace(":", "z").Replace("<", "x").Replace(">", "0").Replace("|", "v").Replace(".", "b").Replace("/", "y").Replace("?", "t");

Re: Securely Random Strings

2012-04-12 13:36 • by PiisAWheeL
379042 in reply to 379037
Joe:
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?


You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.
There are no numbers between a and z on a dvorak keyboard. Just 'aoeuidhtns-' on the home row and 'zvwmbxkjq;' (right to left) on the bottom one. The closest you get is a dash or a semicolon.

Re: Securely Random Strings

2012-04-12 13:42 • by Larry (unregistered)
There are plenty of numbers between 'a' and 'z':

perl -e '$X="a";while ($X le "z"){print $X++;}'
abcdefghijklmnopqrstuvwxyz

Re: Securely Random Strings

2012-04-12 13:51 • by Sea Sharp, Waves Hurt (unregistered)
379044 in reply to 378999
Foo Bar:
Leper! Outcast! Unclean!


Thomas Covenant. Classy :).

Re: Securely Random Strings

2012-04-12 14:08 • by pauly
Ran string is string that constantly runs through memory invalidating its pointer.

Re: Securely Random Strings

2012-04-12 14:14 • by snoofle
379046 in reply to 379024
wonk:
Roby McAndrew:
I can see 'i' and 'e', but then I'm irrational

And imaginative.
This is why I come to this forum. Nicely done!

Re: Securely Random Strings

2012-04-12 14:23 • by B00nbuster (unregistered)
At least the implementation is encapsulated in its own method and can easily be refactored. That's of far more value than the WTFish implementation.

Re: Securely Random Strings

2012-04-12 14:42 • by Jay (unregistered)
379050 in reply to 379002
the beholder:
vahokif:
Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
I can't find any numbers between 'a' and 'z'. Now what?


I see i, v, x, l, c, d, and m.

You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.

Re: Securely Random Strings

2012-04-12 14:45 • by Jay (unregistered)
379051 in reply to 379020
Roby McAndrew:
I can see 'i' and 'e', but then I'm irrational


Very witty, sir.

But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

Re: Securely Random Strings

2012-04-12 15:34 • by KattMan
379054 in reply to 379051
Jay:
Roby McAndrew:
I can see 'i' and 'e', but then I'm irrational


Very witty, sir.

But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

I'll add pendantary to your pendantary.
He did not say the numbers were irrational, only that he was, for picking non-rational numbers.

Re: Securely Random Strings

2012-04-12 16:25 • by Zunetang (unregistered)
379055 in reply to 379054
KattMan:
Jay:
Roby McAndrew:
I can see 'i' and 'e', but then I'm irrational


Very flitty, sir.

But I just have to be pedantic and point out that my dick is not irrational: it is imaginary. Just close your eyes and this will be over soon.

I'll add pendantary to your pederasty. That's nasty!
He did not say the numbers were irrational, only that he was, for picking non-rational numbers.
Ah, wait! He didn't say he picked them because he was irrational, even though he may have implied it.
« PrevPage 1 | Page 2Next »

Add Comment