Michael listened as his co-worker Draughon droned on at lunch. "I just don't trust hashes, man. I never understood any of the algorithms behind them, and I don't trust anything I don't understand."
"But MD5 is a well-documented algorithm," Michael countered.
"Nonsense," Draughon said. "Just try reading the documentation. It's a little better if you do it stoned, but company policy frowns on that, doesn't it?"
Michael nodded, not that he had to worry about IniTech's random drug screenings.
But Draughon should have. Shortly after lunch, Michael's co-worker was escorted out by security, and his desk -- filled with rolling papers, but no illicit substances -- was swiftly emptied out. Michael's inbox was flooded with assignment notices as Draughon's ticket queue emptied out onto Michael's.
Before Michael left for the day, he decided to check one of the tickets, curious if Draughon's paranoid coding strategy actually worked. The client wanted to replace an .mp3 file uploaded with a tool Draughon had written, but they couldn't find the file name in the public directory. After FTP-ing onto the server, Michael found tens of millions of files named si4md, 7r0s2, etc. Michael found the tool Draughon wrote in the IniTech repo, including one peculiar function:
    public static string GenerateFilename()
    {
        string valid_chars = "abcdefgijkmnopqrstwxyz1234567890";
        string temp = string.Empty;
        Random r = new Random();
        for (int i = 0; i < 5; i++)
            temp += valid_chars[r.Next(valid_chars.Length)];
        return temp;
    }
"Don't like hashes, huh, Draughon?" Michael said, smirking. The function was run whenever a file was uploaded, generating new files even when the original was being overwritten. He considered it lucky that there hadn't been a file name collision, with tens of millions of files and counting being uploaded with the tool. He replaced the naming scheme with an MD5 hash of the original file name.
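To put numbers on that luck, here is an added example (not code from the IniTech tool or from the original article) that computes the birthday-bound collision odds for the 32-character, 5-position name space of GenerateFilename() and shows a deterministic MD5-of-file-name scheme like the fix described. The class and method names, the UTF-8 encoding, the hex output format and the sample file name are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class UploadNaming
{
    // Alphabet and length copied from the original GenerateFilename().
    const string ValidChars = "abcdefgijkmnopqrstwxyz1234567890";
    const int NameLength = 5;

    // Distinct names the random scheme can ever produce (alphabet size ^ length).
    public static double NameSpace() => Math.Pow(ValidChars.Length, NameLength);

    // Birthday approximation: probability that at least two of n uniformly
    // random names are identical.
    public static double CollisionProbability(double n) =>
        1.0 - Math.Exp(-n * (n - 1) / (2.0 * NameSpace()));

    // Number of uploads at which a collision becomes likelier than not.
    public static double UploadsForEvenOdds() =>
        Math.Sqrt(2.0 * NameSpace() * Math.Log(2.0));

    // Deterministic stored name (assumed format: lowercase hex of MD5 over the
    // UTF-8 bytes of the original file name). The same upload name always maps
    // to the same stored name, so a replacement overwrites the earlier file,
    // and the result contains only [0-9a-f].
    public static string HashedName(string originalName)
    {
        using (MD5 md5 = MD5.Create())
        {
            byte[] digest = md5.ComputeHash(Encoding.UTF8.GetBytes(originalName));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }

    public static void Main()
    {
        Console.WriteLine("Possible names:        {0:N0}", NameSpace());
        Console.WriteLine("Uploads for 50% odds:  {0:N0}", UploadsForEvenOdds());
        foreach (double n in new[] { 1e3, 1e4, 1e5, 1e7 })  // constructed sample sizes
            Console.WriteLine("P(collision), {0,12:N0} files: {1:P2}", n, CollisionProbability(n));

        // Constructed sample name: hashing it twice yields the same stored name.
        Console.WriteLine(HashedName("song.mp3"));
        Console.WriteLine(HashedName("song.mp3") == HashedName("song.mp3"));
    }
}
```

In this scheme MD5 only derives a stable file name; it is not acting as an integrity or security control.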