Securely Random Strings

« Return to Article
  • ParkinT 2012-04-12 08:24

    protected String getPostComment()
    {
    String uncleanCommentString = System.Web.Security.Membership.GeneratePassword(10, 0);
    uncleanCommentString = uncleanCommentString.Replace("FRIST", ":)");
    uncleanCommentString = uncleanCommentString.Replace("The real WTF...", ":)");
    uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");
    uncleanCommentString = uncleanCommentString.Replace("Paula Bean", ":)");
    uncleanCommentString = uncleanCommentString.Replace("The goggles!!", ":)");
    return uncleanCommentString;
    }
  • ME 2012-04-12 09:08
    First to say First.
  • KattMan 2012-04-12 09:10
    ParkinT:

    uncleanCommentString = uncleanCommentString.Replace("Irish Girl", ":)");

    You had to remind me of her didn't you. After she had my baby and ran off with Mr. Viagra I haven't seen her since.
  • Foo Bar 2012-04-12 09:15
    Leper! Outcast! Unclean!

    However, as a WTF this one really isn't so awful. GeneratePassword uses decent randomness, and stripping out non-alphas is OK for a URL.
  • Warren 2012-04-12 09:17
    I see the WTF, they should have used a regexp.
  • vahokif 2012-04-12 09:20
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
  • the beholder 2012-04-12 09:26
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
  • trtrwtf 2012-04-12 09:34
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    What have you done with 98?
  • oheso 2012-04-12 09:36
    Random? Check.

    Clean? Oh ...


    Nothing to do with Shanghai girls, then ...
  • TheCEO 2012-04-12 09:44
    Is the WTF that he returns an "uncleanRandomString" instead of a clean one?
  • Smug Unix User 2012-04-12 09:44
    Why not just use /dev/random?

    That's what it's there for.
  • Your Mom's FIshtank 2012-04-12 09:45
    When selecting trim, randomness is the most desired trait. Cleanliness is the second.
  • TGV 2012-04-12 09:47
    The idea is not so horrible. Chances are low, but this definitely increased the possibility of generating two identical random strings.

    But you weren't looking for ASCII conversion, you were looking for HttpServerUtility.UrlEncode(str), isn't it?
  • PiisAWheeL 2012-04-12 09:47
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    You aren't looking hard enough. This may require a special keyboard. You may have to spell the numbers out. Be a problem solver man.
  • Anon 2012-04-12 09:48
    protected String getRanString()
    {
    // Random string generated by a fair pick of scrabble letters for a bag
    return "Brillant";
    }
  • Anon 2012-04-12 09:50
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    What?!? Don't you remember the song:
    A B C D 1 2 3 E F G H 4 5 6 7 8...
  • sagaciter 2012-04-12 09:56
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    But 'a' and 'z' ARE numbers...

    #include <stdio.h>
    
    int main() {
    int i;
    for (i = 'a'; i <= 'z'; i++) {
    printf("%i\n",i);
    }
    return 0;
    }
  • Anon 2012-04-12 09:59
    public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)

    protected String getRanString()
    {
    return GeneratePassword(10,0);
    }

    The remaining code is useless because the 2nd argument asks for zero punctuation characters.
  • Lockwood 2012-04-12 10:03
    Noone's posted "Frist" as parsed by that encoder?

    I am disappoint.
  • atk 2012-04-12 10:06
    sagaciter:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    But 'a' and 'z' ARE numbers...

    #include <stdio.h>
    
    int main() {
    int i;
    for (i = 'a'; i <= 'z'; i++) {
    printf("%i\n",i);
    }
    return 0;
    }


    *woosh* <-- joke
    O
    \|/
    | <-- you
    / \
  • PiisAWheeL 2012-04-12 10:12
    Lockwood:
    Noone's posted "Frist" as parsed by that encoder?

    I am disappoint.
    There is no "s" on that list. I suppose 1 could go "}]^-?"
  • Roby McAndrew 2012-04-12 10:12
    I can see 'i' and 'e', but then I'm irrational
  • RichP 2012-04-12 10:41
    Wondering how the creator of this mess decided on which characters to substitute for the "bad" chars. "a" appears twice, there are some letters and some numbers. It would seem that the easiest options are to either replace everything with the same letter, or replace !->a, @->b, #->c, etc.

    Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?
  • sagaciter 2012-04-12 10:43
    You mean he meant that the original creator of that code probably didn't know that?

    Well, that was funny.
  • wonk 2012-04-12 10:50
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational

    And imaginative.
  • Hmmmm 2012-04-12 11:03
    RichP:
    Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

    Assuming what someone else said is true then most definitely not or he would have realised that no non-alphnumerics were getting generated anyway...
  • Hmmmm 2012-04-12 11:08
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

    FTFM
  • harperska 2012-04-12 11:22
    obligatory xkcd:

    http://xkcd.com/221/
  • Anon 2012-04-12 11:31
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

    FTFM

    ^^ is correct. I misunderstood/misread the MSDN documentation.
  • wibble factory 2012-04-12 11:50
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

    FTFM


    from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

    public static string GeneratePassword(
    int length,
    int numberOfNonAlphanumericCharacters
    )

    ...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)
  • Ananamas 2012-04-12 12:11
    Guids, man. Pork of the future.
  • Mason Wheeler 2012-04-12 12:29
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?
  • troll2 2012-04-12 12:37
    Mason Wheeler:
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?


    ACK and you say receive:
    System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword
  • operagost 2012-04-12 12:54
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?
    Translate to Hebrew. But your rabbi is out of town. Now what do you do?
  • Joe 2012-04-12 12:54
    troll2:
    Mason Wheeler:
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?


    ACK and you say receive:
    System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword


    Com.Innotech.corporation.We.Build.The.Future.TM.System.Web.Application.Security.Membership.User.Account.Password.GeneratePassword
  • Joe 2012-04-12 13:02
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.
  • Coffee Hound 2012-04-12 13:09
    Code Challenge:
    The shortest legible password generator that considers the following:
    - Alpha only, or alpha numeric, or alpha-num + symbols
    - Miminum and maximum length can be specified
    - Minimum/maximum length of any group (alpha, num etc.) can be specified.
    - Sufficiently random

    Bonus points:
    - No dictionary words from lang of choice
    - Uniformly distributed over possible set of characters
    And....
    GO
  • Larry 2012-04-12 13:17
    #!/usr/bin/perl
    sub GenPW{print "Go ask your mom\n";}
    1;
  • RandomGuy 2012-04-12 13:18
    harperska:
    obligatory xkcd:

    http://xkcd.com/221/


    First thing that came to my mind as well ...
  • Dave 2012-04-12 13:33
    What? Didn't he know you should do it all in one line?

    String uncleanRandomString = System.Web.Security.Membership.GeneratePassword(10, 0).Replace("!", "a").Replace("@", "2").Replace("#", "c").Replace("$", "4").Replace("%", "3").Replace("^", "i").Replace("&", "a").Replace("*", "9").Replace("(", "g").Replace(")", "m").Replace("_", "d").Replace("-", "5").Replace("+", "p").Replace("=", "q").Replace("[", "w").Replace("{", "t").Replace("]", "r").Replace("}", "f").Replace(";", "8").Replace(":", "z").Replace("<", "x").Replace(">", "0").Replace("|", "v").Replace(".", "b").Replace("/", "y").Replace("?", "t");

  • PiisAWheeL 2012-04-12 13:36
    Joe:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    You need to use a different keyboard layout. qwerty or azerty won't work. Try dvorak.
    There are no numbers between a and z on a dvorak keyboard. Just 'aoeuidhtns-' on the home row and 'zvwmbxkjq;' (right to left) on the bottom one. The closest you get is a dash or a semicolon.
  • Larry 2012-04-12 13:42
    There are plenty of numbers between 'a' and 'z':

    perl -e '$X="a";while ($X le "z"){print $X++;}'
    abcdefghijklmnopqrstuvwxyz
  • Sea Sharp, Waves Hurt 2012-04-12 13:51
    Foo Bar:
    Leper! Outcast! Unclean!


    Thomas Covenant. Classy :).
  • pauly 2012-04-12 14:08
    Ran string is string that constantly runs through memory invalidating its pointer.
  • snoofle 2012-04-12 14:14
    wonk:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational

    And imaginative.
    This is why I come to this forum. Nicely done!
  • B00nbuster 2012-04-12 14:23
    At least the implementation is encapsulated in its own method and can easily be refactored. That's of far more value than the WTFish implementation.
  • Jay 2012-04-12 14:42
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    I see i, v, x, l, c, d, and m.

    You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.
  • Jay 2012-04-12 14:45
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational


    Very witty, sir.

    But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".
  • KattMan 2012-04-12 15:34
    Jay:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational


    Very witty, sir.

    But I just have to be pedantic and point out that "i" is not irrational: it is imaginary. "Not rational" is not the same as "irrational".

    I'll add pendantary to your pendantary.
    He did not say the numbers were irrational, only that he was, for picking non-rational numbers.
  • Zunetang 2012-04-12 16:25
    KattMan:
    Jay:
    Roby McAndrew:
    I can see 'i' and 'e', but then I'm irrational


    Very flitty, sir.

    But I just have to be pedantic and point out that my dick is not irrational: it is imaginary. Just close your eyes and this will be over soon.

    I'll add pendantary to your pederasty. That's nasty!
    He did not say the numbers were irrational, only that he was, for picking non-rational numbers.
    Ah, wait! He didn't say he picked them because he was irrational, even though he may have implied it.
  • Zunetang 2012-04-12 16:26
    Jay:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    I see i, v, x, l, c, d, and m.

    You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.
    You're just a pissing fag! You fu...

    Oh, wait... My apologies.
  • Peter 2012-04-12 16:32
    Sea Sharp, Waves Hurt:
    Foo Bar:
    Leper! Outcast! Unclean!
    Thomas Covenant. Classy :).
    God, no. Those were awful books.
  • gloin 2012-04-12 16:45
    This is bound to lead to Ovaltine.
  • Irish girl spotted 2012-04-12 18:20
    http://images.smh.com.au/2012/04/12/3211657/hacker-353-200x0.jpg

    Turns out she was Australian after all and likes nerds!
  • lumberjack 2012-04-12 19:12
    Foo Bar:
    Leper! Outcast! Unclean!

    However, as a WTF this one really isn't so awful. GeneratePassword uses decent randomness, and stripping out non-alphas is OK for a URL.


    The real WTF is the Thomas Covenant reference.
  • aw 2012-04-12 19:51
    wibble factory:
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

    FTFM


    from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

    public static string GeneratePassword(
    int length,
    int numberOfNonAlphanumericCharacters
    )

    ...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)

    minNumNonAlphanumChars

    Captcha: commoveo - as we get bald we start to use hairstyles called commeoveos
  • Dirk 2012-04-12 19:53
    Unclean! Unclean!
  • aw 2012-04-12 19:59
    Coffee Hound:
    Code Challenge:
    The shortest legible password generator that considers the following:
    - Alpha only, or alpha numeric, or alpha-num + symbols
    - Miminum and maximum length can be specified
    - Minimum/maximum length of any group (alpha, num etc.) can be specified.
    - Sufficiently random

    Bonus points:
    - No dictionary words from lang of choice
    - Uniformly distributed over possible set of characters
    And....
    GO

    I'll get you started....


    string passwordGenerator(int type)
    switch(type)
    {
    case alpha:
    cout << "Please enter a password containing letters only, that does not contain real words from the dictionary" << endl;
    cin >> password;
    return password;
    case alphanum:
    cout << "Please enter a password containing letters and numbers only, that does not contain real words from the dictionary" << endl;
    cin >> password;
    return password;
    case alpahnumsym:
    cout << "Please enter a password containing letters numbers and symbold, that does not contain real words from the dictionary" << endl;
    cin >> password;
    return password;
    default:
    /* Updated 12/4 for security */
    return "admin01"; //"qwe123"; //"blink182"
    }
    }
  • e54yadsrhxfb 2012-04-12 20:01
    Jay:
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?


    I see i, v, x, l, c, d, and m.

    You're not limiting yourself to those new-fangled Hindu-Arabic numerals, are you? They're just a passing fad.
    bcdef too for the heaxadecimally inclined
  • Odin 2012-04-12 20:31
    Anon:
    public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)

    protected String getRanString()
    {
    return GeneratePassword(10,0);
    }

    The remaining code is useless because the 2nd argument asks for zero punctuation characters.


    It asks for Yahtzee?
  • Cheong 2012-04-12 21:46
    the beholder:
    vahokif:
    Just make a char[] and fill it with random numbers between 'a' and 'z', return it with the string constructor.
    I can't find any numbers between 'a' and 'z'. Now what?

    Use " and" as your password then.
  • default_ex 2012-04-12 23:56
    Mason Wheeler:
    "System.Web.Security.Membership.GeneratePassword"? Ugh. You think they could cram a few more levels of hierarchical namespacing into that if they tried? Just in case 5 isn't ugly enough for someone out there?


    If you've never used .Net, it's actually not bad with how .Net's "using" statements work. The only time you really have to type out the full namespace hierarchy is when there is a naming conflict with another namespace you've pulled in with a "using" statement. It's a really nice feature if you make heavy use of the IDE, a lot of the VS IDE is sensitive to what namespaces you bring in with "using" statements.
  • Lefty 2012-04-13 00:23
    Switch to EBCDIC.
  • Weps 2012-04-13 02:04

    uncleanRandomString = uncleanRandomString.Replace(")", "m");
    uncleanRandomString = uncleanRandomString.Replace("_", "d");
    uncleanRandomString = uncleanRandomString.Replace("-", "5");


    and he still didn't think of md5....
  • L. 2012-04-13 02:06
    wibble factory:
    Hmmmm:
    Hmmmm:
    Assuming what someone else said is true is never a good idea as it often isn't. The 2nd param is the minimum number of non-alphanumerics not the maximum or actual number.

    FTFM


    from http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx

    public static string GeneratePassword(
    int length,
    int numberOfNonAlphanumericCharacters
    )

    ...even though it's specified in the docs that it's the minimum number of the alpha chars (not the actual) it's totally lame that the second parameter is called 'numberOfNonAlphanumericCharacters' and not 'minimumNumberOfNonAlphanumericCharacters' (or some shorter equivalent)

    I have only one word for this kind of WTF:

    Microsoft
  • L. 2012-04-13 02:17
    Coffee Hound:
    Code Challenge:
    The shortest legible password generator that considers the following:
    - Alpha only, or alpha numeric, or alpha-num + symbols
    - Miminum and maximum length can be specified
    - Minimum/maximum length of any group (alpha, num etc.) can be specified.
    - Sufficiently random

    Bonus points:
    - No dictionary words from lang of choice
    - Uniformly distributed over possible set of characters
    And....
    GO


    I think you can do that in 5 minutes with a perl lib .. they have libs for everything mad and language-y
  • +9 2012-04-13 02:40
    // ...
    // several lines of code to be decently paid
    // ...
    return "hunter2";
  • Mathew 2012-04-13 02:59
    For those who didn't get it, here's how you would code this in a secure way:

    protected String getRanString()
    {
    String uncleanRandomString = System.Web.Security.Membership.GeneratePassword(10, 0);
    uncleanRandomString = uncleanRandomString.Replace("!", "a");
    uncleanRandomString = uncleanRandomString.Replace("@", "2");
    uncleanRandomString = uncleanRandomString.Replace("#", "c");
    uncleanRandomString = uncleanRandomString.Replace("$", "4");
    uncleanRandomString = uncleanRandomString.Replace("%", "3");
    uncleanRandomString = uncleanRandomString.Replace("^", "i");
    uncleanRandomString = uncleanRandomString.Replace("&", "a");
    uncleanRandomString = uncleanRandomString.Replace("*", "9");
    uncleanRandomString = uncleanRandomString.Replace("(", "g");
    uncleanRandomString = uncleanRandomString.Replace(")", "s");
    uncleanRandomString = uncleanRandomString.Replace("_", "h");
    uncleanRandomString = uncleanRandomString.Replace("-", "a");
    uncleanRandomString = uncleanRandomString.Replace("+", "2");
    uncleanRandomString = uncleanRandomString.Replace("=", "q");
    uncleanRandomString = uncleanRandomString.Replace("[", "w");
    uncleanRandomString = uncleanRandomString.Replace("{", "t");
    uncleanRandomString = uncleanRandomString.Replace("]", "r");
    uncleanRandomString = uncleanRandomString.Replace("}", "f");
    uncleanRandomString = uncleanRandomString.Replace(";", "8");
    uncleanRandomString = uncleanRandomString.Replace(":", "z");
    uncleanRandomString = uncleanRandomString.Replace("<", "x");
    uncleanRandomString = uncleanRandomString.Replace(">", "0");
    uncleanRandomString = uncleanRandomString.Replace("|", "v");
    uncleanRandomString = uncleanRandomString.Replace(".", "b");
    uncleanRandomString = uncleanRandomString.Replace("/", "y");
    uncleanRandomString = uncleanRandomString.Replace("?", "t");
    return uncleanRandomString;
    }
  • PedanticCurmudgeon 2012-04-13 08:22
    Peter:
    Sea Sharp, Waves Hurt:
    Foo Bar:
    Leper! Outcast! Unclean!
    Thomas Covenant. Classy :).
    God, no. Those were awful books.
    You read more than one of them? Why?
  • Claxon 2012-04-13 09:21
    It doesn't seem 'Too bad' to me.


    The generated password only contains alphanumeric characters and the following punctuation marks: !@#$%^&*()_-+=[{]};:<>|./?. No hidden or non-printable control characters are included in the generated password


    So System.Web.Security.Membership.GeneratePassword(10, 0); creates a random alpha-numeric string which includes the extra characters. But the programmer doesn't want any of those characters in password strings so they're performing a manual replace on each of the special characters.
  • Mainframe Web Dev 2012-04-13 09:52
    Lefty:
    Switch to EBCDIC.


    Hooray!
  • PiisAWheeL 2012-04-13 10:02
    Larry:
    There are plenty of numbers between 'a' and 'z':

    perl -e '$X="a";while ($X le "z"){print $X++;}'
    abcdefghijklmnopqrstuvwxyz
    Not a single 1 of those is a number.
  • jmacpherson 2012-04-13 10:08
    All are the letters are numerals for base 36.
  • PiisAWheeL 2012-04-13 12:55
    jmacpherson:
    All are the letters are numerals for base 36.
    Nobody in their right mind uses base36. A keyboard isn't used in a base36 context. It CAN be, but generally is not. So when we refer to the symbols on a keyboard, and put a requirement refering to numbers between 2 keys, and nobody has specified that we are using base36, then base 10 is assumed, and the symbols that are not arabic numbers are considered 'letters' and not 'numbers'. So no, nobody specified base36 before hand, so no, there are no numbers between 'a' and 'z' on a qwerty or dvorak keyboard.
  • Squiggler 2012-04-13 14:24
    You berated the programmer for not using md5, but he did!

    uncleanRandomString = uncleanRandomString.Replace(")", "m");
    uncleanRandomString = uncleanRandomString.Replace("_", "d");
    uncleanRandomString = uncleanRandomString.Replace("-", "5");
  • Gibbon1 2012-04-15 00:23
    Hmmmm:
    RichP:
    Why do I have the sneaking suspicion that he ran GeneratePassword and hand-selected the alphanumerics to use as the substitute in order to be "more randomer"?

    Assuming what someone else said is true then most definitely not or he would have realised that no non-alphnumerics were getting generated anyway...


    I'm going to assume he thought like other people that the second term would squash the non-alpha numeric characters. When it obvious didn't, he slapped in a fix and got on with his life. Since thee are no important effects outside the function itself, it's not very wtf.

    Big WTF is something that causes difficult to explain side effects, or subtle failures far from the offense itself.
  • I see what you did, there 2012-04-16 05:02
    PiisAWheeL:
    Larry:
    There are plenty of numbers between 'a' and 'z':

    perl -e '$X="a";while ($X le "z"){print $X++;}'
    abcdefghijklmnopqrstuvwxyz
    Not a single 1 of those is a number.


    Hint: Ipsum Lorem, Pagina III.
  • Shinhan7 2012-04-17 06:20
    "Apparently, this developer was too proud for base 64 encoding"

    I don't get it. How would base64 encoding help with random strings?

    With MD5 I could do MD5(RAND()) and get a reasonably random string of mostly numbers and couple letter (0-F). But how can one use Base 64 when generating a random string?
  • eXlit 2012-04-17 07:32
    umm, because it won't work on mac?
  • visualbasucks 2012-04-23 09:20
    Is there a formular for determing the decreased entropy?


    like

    cat /dev/absolutelyrandom | randomdetection
    100%
    (after some time)

    cat /dev/absolutelyrandom | replacing_certain_strings_with_absolutelynon_random | randomfilter
    30%

    ?

    Dunno how the Laplace Distribution plays in there, but some symbols have 1:1 conversion and are a crib enabler.
    Maybe one could build a functioning string (bash shebang?) out of the 1:1 fixed translation conversion symbols.

    And yes, the use of cat might be a deadvisable one, but i like pipes.