• ParkinT (cs)
    protected String getPostComment()
    {
        String uncleanCommentString = System.Web.Security.Membership.GeneratePassword(10, 0);
        uncleanCommentString = uncleanCommentString.Replace("FRIST", ":)");
        uncleanCommentString = uncleanCommentString.Replace("The real WTF...", ":)");
        uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");
        uncleanCommentString = uncleanCommentString.Replace("Paula Bean", ":)");
        uncleanCommentString = uncleanCommentString.Replace("The goggles!!", ":)");
        return uncleanCommentString;
    }
    
  • ME (unregistered)

    First to say First.

  • KattMan (cs) in reply to ParkinT
    ParkinT:
        uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");
    
    You had to remind me of her didn't you. After she had my baby and ran off with Mr. Viagra I haven't seen her since.
  • Foo Bar (unregistered)

    Leper! Outcast! Unclean!

    However, as a WTF this one really isn't so awful. GeneratePassword uses decent randomness, and stripping out non-alphas is OK for a URL.

  • Warren (unregistered)

    I see the WTF, they should have used a regexp.

  • vahokif (unregistered)

    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.

  • the beholder (unregistered) in reply to vahokif
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
  • trtrwtf (unregistered) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    What have you done with 98?

  • oheso (cs)

    Random? Check.

    Clean? Oh ...

    Nothing to do with Shanghai girls, then ...

  • TheCEO (unregistered)

    Is the WTF that he returns an "uncleanRandomString" instead of a clean one?

  • Smug Unix User (unregistered)

    Why not just use /dev/random?

    That's what it's there for.

  • Your Mom's FIshtank (unregistered)

    When selecting trim, randomness is the most desired trait. Cleanliness is the second.

  • TGV (cs)

    The idea is not so horrible. Chances are low, but this definitely increased the possibility of generating two identical random strings.

    But you weren't looking for ASCII conversion, you were looking for HttpServerUtility.UrlEncode(str), isn't it?
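
TGV's collision point and vahokif's char[] suggestion, shown as an added example (not code from the article or from any commenter): rather than generating punctuation and folding it onto letters, which makes the substitute characters more likely than the rest, draw each character directly from a 62-symbol alphabet using a CSPRNG with rejection sampling. The class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper, written for illustration only.
public static class UrlSafeToken
{
    // 62 symbols, all usable in a URL path or query string without encoding.
    private const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    // Largest multiple of 62 that fits in a byte value range (248).
    // Bytes at or above it are discarded so b % 62 stays uniform.
    private const int Limit = 256 - (256 % 62);

    public static string Generate(int length)
    {
        if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));

        var result = new char[length];
        var buffer = new byte[length * 2]; // over-fetch; only 8 of 256 values are rejected
        int filled = 0;

        using (var rng = RandomNumberGenerator.Create())
        {
            while (filled < length)
            {
                rng.GetBytes(buffer);
                for (int i = 0; i < buffer.Length && filled < length; i++)
                {
                    if (buffer[i] >= Limit) continue; // reject to avoid modulo bias
                    result[filled++] = Alphabet[buffer[i] % Alphabet.Length];
                }
            }
        }
        return new string(result);
    }

    public static void Main()
    {
        // Ten characters over 62 symbols: 62^10 equally likely outputs.
        Console.WriteLine(Generate(10));
    }
}
```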

  • PiisAWheeL (cs) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    You aren't looking hard enough. This may require a special keyboard. You may have to spell the numbers out. Be a problem solver man.
  • Anon (unregistered)

    protected String getRanString()
    {
        // Random string generated by a fair pick of scrabble letters for a bag
        return "Brillant";
    }

  • Anon (unregistered) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    What?!? Don't you remember the song:

    A B C D 1 2 3 E F G H 4 5 6 7 8...
  • sagaciter (unregistered) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    But 'a' and 'z' ARE numbers...
    #include <stdio.h>
    int main() {
        int i;
        for (i = 'a'; i <= 'z'; i++) {
            printf("%i\n", i);
        }
        return 0;
    }
  • Anon (unregistered)

    public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)

    protected String getRanString() { return GeneratePassword(10,0); }

    The remaining code is useless because the 2nd argument asks for zero punctuation characters.

  • Lockwood (cs)

    No one's posted "Frist" as parsed by that encoder?

    I am disappoint.

  • atk (unregistered) in reply to sagaciter
    sagaciter:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    But 'a' and 'z' ARE numbers...
    #include <stdio.h>
    int main() {
        int i;
        for (i = 'a'; i <= 'z'; i++) {
            printf("%i\n", i);
        }
        return 0;
    }
      *woosh*  <-- joke
        O
       \|/
        |    <-- you
       / \
    
  • PiisAWheeL (cs) in reply to Lockwood
    Lockwood:
    No one's posted "Frist" as parsed by that encoder?

    I am disappoint.

    There is no "s" on that list. I suppose 1 could go "}]^-?"

  • Roby McAndrew (cs) in reply to the beholder

    I can see 'i' and 'e', but then I'm irrational

  • RichP (cs)

    Wondering how the creator of this mess decided on which characters to substitute for the "bad" chars. "a" appears twice, there are some letters and some numbers. It would seem that the easiest options are to either replace everything with the same letter, or replace !->a, @->b, #->c, etc.

    Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

  • sagaciter (unregistered) in reply to atk

    You mean he meant that the original creator of that code probably didn't know that?

    Well, that was funny.

  • wonk (unregistered) in reply to Roby McAndrew
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational
    And imaginative.
  • Hmmmm (unregistered) in reply to RichP
    RichP:
    Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?
    Assuming what someone else said is true then most definitely not or he would have realised that no non-alphanumerics were getting generated anyway...
  • Hmmmm (unregistered) in reply to Hmmmm
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.
    FTFM
  • harperska (unregistered)

    obligatory xkcd:

    http://xkcd.com/221/

  • Anon (unregistered) in reply to Hmmmm
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.
    FTFM
    ^^ is correct. I misunderstood/misread the MSDN documentation.
  • wibble factory (unregistered) in reply to Hmmmm
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.
    FTFM

    from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

    public static string GeneratePassword( int length, int numberOfNonAlphanumericCharacters )

    ...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)

  • Ananamas (unregistered)

    Guids, man. Pork of the future.

  • Mason Wheeler (cs)

    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

  • troll2 (unregistered) in reply to Mason Wheeler
    Mason Wheeler:
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

    ACK and you say receive: System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

  • operagost (cs) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    Translate to Hebrew. But your rabbi is out of town. Now what do you do?
  • Joe (unregistered) in reply to troll2
    troll2:
    Mason Wheeler:
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?

    ACK and you say receive: System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

    Com.Innotech.corporation.We.Build.The.Future.TM.System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword

  • Joe (unregistered) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.

  • Coffee Hound (unregistered)

    Code Challenge: The shortest legible password generator that considers the following:

    • Alpha only, or alpha numeric, or alpha-num + symbols
    • Minimum and maximum length can be specified
    • Minimum/maximum length of any group (alpha, num etc.) can be specified.
    • Sufficiently random

    Bonus points:

    • No dictionary words from lang of choice
    • Uniformly distributed over possible set of characters

    And.... GO
  • Larry (unregistered)

    #!/usr/bin/perl
    sub GenPW { print "Go ask your mom\n"; }
    1;

  • RandomGuy (unregistered) in reply to harperska
    harperska:
    obligatory xkcd:

    http://xkcd.com/221/

    First thing that came to my mind as well ...

  • Dave (unregistered)

    What? Didn't he know you should do it all in one line?

    String uncleanRandomString = System.Web.Security.Membership.GeneratePassword(10, 0).Replace("!", "a").Replace("@", "2").Replace("#", "c").Replace("$", "4").Replace("%", "3").Replace("^", "i").Replace("&", "a").Replace("*", "9").Replace("(", "g").Replace(")", "m").Replace("_", "d").Replace("-", "5").Replace("+", "p").Replace("=", "q").Replace("[", "w").Replace("{", "t").Replace("]", "r").Replace("}", "f").Replace(";", "8").Replace(":", "z").Replace("<", "x").Replace(">", "0").Replace("|", "v").Replace(".", "b").Replace("/", "y").Replace("?", "t");
  • PiisAWheeL (cs) in reply to Joe
    Joe:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.

    There are no numbers between a and z on a dvorak keyboard. Just 'aoeuidhtns-' on the home row and 'zvwmbxkjq;' (right to left) on the bottom one. The closest you get is a dash or a semicolon.

  • Larry (unregistered)

    There are plenty of numbers between 'a' and 'z':

    perl -e '$X="a";while ($X le "z"){print $X++;}'
    abcdefghijklmnopqrstuvwxyz

  • Sea Sharp, Waves Hurt (unregistered) in reply to Foo Bar
    Foo Bar:
    Leper! Outcast! Unclean!

    Thomas Covenant. Classy :).

  • pauly (cs)

    Ran string is string that constantly runs through memory invalidating its pointer.

  • snoofle (cs) in reply to wonk
    wonk:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational
    And imaginative.
    This is why I come to this forum. Nicely done!
  • B00nbuster (unregistered)

    At least the implementation is encapsulated in its own method and can easily be refactored. That's of far more value than the WTFish implementation.

  • Jay (unregistered) in reply to the beholder
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    I see i, v, x, l, c, d, and m.

    You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.

  • Jay (unregistered) in reply to Roby McAndrew
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational

    Very witty, sir.

    But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

  • KattMan (cs) in reply to Jay
    Jay:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational

    Very witty, sir.

    But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

    I'll add pendantary to your pendantary. He did not say the numbers were irrational, only that he was, for picking non-rational numbers.

  • Zunetang (unregistered) in reply to KattMan
    KattMan:
    Jay:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational

    Very flitty, sir.

    But I just have to be pedantic and point out that my dick is not irrational: it is imaginary. Just close your eyes and this will be over soon.

    I'll add pendantary to your pederasty. That's nasty! He did not say the numbers were irrational, only that he was, for picking non-rational numbers.

    Ah, wait! He didn't say he picked them because he was irrational, even though he may have implied it.

Leave a comment on “Securely Random Strings”
