
Offline MyndFyre

Words can't describe....
« on: December 06, 2006, 03:53:57 pm »
One of the first computer things to make me really laugh out loud.  This is from The Daily WTF:

J.S. Bangs sends us today's snippet, located deep within a Java codebase he's maintaining. The function, getRandomBits(), returns a 32-byte array of random bytes for security purposes. Since Java provides a Random method, this should be easy; in fact, a proper implementation can be written in five lines:
Code: [Select]
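public static byte[] getRandomBits() {
  byte[] random = new byte[32];
  // nextBytes() is an instance method, so a generator object is needed.
  // java.util.Random is not a CSPRNG; java.security.SecureRandom has the same nextBytes() call.
  new java.util.Random().nextBytes(random);
  return random;
}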
Of course, J.S.'s predecessor found a more interesting way to do things. His version of getRandomBits did its job by:

* Enumerate all of the System properties
* Create an MD4 hash of all of the property key/value pairs
* Do a bitwise-XOR of the various hashes
* Throw in an MD4 hash of the current system time so that the value isn't always the same
* Bitwise-XOR that in there as well
* Return the result
The best thing J.S. could say about this code was "at least it's commented". I don't believe it within my ability, however, to do this code justice, so without further ado:
Code: [Select]
    public static byte[] innerGetRandomBits() {
        int pos = 0;
        int iters = 0;

        bits = new byte[(nbits + 7) / 8];

        for (int i = 0; i < bits.length; i++)
            bits[i] = (byte) 0;
       
        Enumeration e = null;
        try {
            e = System.getProperties().propertyNames();
        } catch (Exception ex) {
            // no need to do anything
        }

        MD4 hash = new MD4();
        int hash_count = 0;
        int hash_bytes = 0;

        long ms = System.currentTimeMillis();
        byte[] bytes = new byte[12];
        for (int i = 0; i < 8; i++) {
            bytes[i] = (byte) (ms & 0xffL);
            ms = ms >> 8;
        }
        int hn = System.identityHashCode(bytes);
        for (int i = 0; i < 4; i++) {
            bytes[i + 8] = (byte) (hn & 0xffL);
            hn = hn >> 8;
        }

        if (e != null)
            while (e.hasMoreElements()) {
                String key = (String) e.nextElement();
                if (key != null) {
                    String val = System.getProperty(key);
                    if (val != null) {

                        String pair = key + val;
                        bytes = pair.getBytes();
                        hash.engineUpdate(bytes, 0, bytes.length);
                        hash_bytes += bytes.length;

                        // when the hash input size is large enough ...
                        if (hash_bytes >= 128) {
                            hash_count++;
                            hash_bytes = 0;

                            // ... produce a digest and ...
                            byte[] digest = hash.engineDigest();
                            for (int i = 0; i < digest.length; i++) {

                                // ...fold it into the bit buffer
                                bits[pos] = (byte) (bits[pos] ^ digest[i]);
                                pos++;
                                if (pos == bits.length) {
                                    pos = 0;
                                    iters++;
                                }
                            } // end for
                        } // end if hash_bytes
                    } // end if val non null
                } // end if key non null
            } // end while e.hasMoreElements

        while (iters < 2) {
            for (int j = 512 / 8; j > 0; j--) {
                Thread.yield();
                ms = System.currentTimeMillis();
                for (int i = 0; i < 8; i++) {
                    bytes[i] = (byte) (ms & 0xffL);
                    ms = ms >> 8;
                }
                hash.engineUpdate(bytes, 0, 8);
                hash_bytes += 8;

                // when the hash input size is large enough ...
                if (hash_bytes >= 128) {
                    hash_count++;
                    hash_bytes = 0;

                    // ... produce a digest and ...
                    byte[] digest = hash.engineDigest();
                    for (int i = 0; i < digest.length; i++) {

                        // ...fold it into the bit buffer
                        bits[pos] = (byte) (bits[pos] ^ digest[i]);
                        pos++;
                        if (pos == bits.length) {
                            pos = 0;
                            iters++;
                        }
                    } // end for
                } // end if hash_bytes
            } // end for
        } // end while iters

        return bits;
    }
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.
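An added example, not part of the original post or the Daily WTF article: it replays the property-folding loop from the quoted code twice, reports whether the `while (iters < 2)` clock loop would still be reached afterwards, and compares the result with `java.security.SecureRandom`. Assumptions: a 32-byte output buffer (the article's stated size), MD5 standing in for the unavailable MD4 class (both produce 16-byte digests), and a digest call that resets the hash; the class and method names are made up for the demo.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Enumeration;

public class RandomBitsDemo {
    // Same folding structure as the property loop in the quoted innerGetRandomBits().
    // Assumed: 32-byte buffer, MD5 in place of MD4 (both give 16-byte digests).
    static byte[] foldProperties(int[] itersOut) throws Exception {
        byte[] bits = new byte[32];
        MessageDigest hash = MessageDigest.getInstance("MD5");
        int pos = 0, hashBytes = 0, iters = 0;
        Enumeration<?> e = System.getProperties().propertyNames();
        while (e.hasMoreElements()) {
            String key = (String) e.nextElement();
            String val = System.getProperty(key);
            if (val == null) continue;
            byte[] pair = (key + val).getBytes();
            hash.update(pair, 0, pair.length);
            hashBytes += pair.length;
            if (hashBytes >= 128) {              // enough input: emit a digest
                hashBytes = 0;
                for (byte d : hash.digest()) {   // digest() also resets the hash
                    bits[pos] ^= d;              // fold into the bit buffer
                    if (++pos == bits.length) { pos = 0; iters++; }
                }
            }
        }
        itersOut[0] = iters;                     // full passes over the buffer
        return bits;
    }

    public static void main(String[] args) throws Exception {
        int[] iters = new int[1];
        byte[] first = foldProperties(iters);
        Thread.sleep(50);                        // let the clock move on
        byte[] second = foldProperties(iters);
        // The quoted code only hashes the clock while iters < 2.
        System.out.println("iters after property loop: " + iters[0]);
        System.out.println("clock loop would run:      " + (iters[0] < 2));
        System.out.println("two calls identical:       " + Arrays.equals(first, second));

        byte[] a = new byte[32], b = new byte[32];
        new SecureRandom().nextBytes(a);         // CSPRNG seeded by the platform
        new SecureRandom().nextBytes(b);
        System.out.println("SecureRandom identical:    " + Arrays.equals(a, b));
    }
}
```

When the property loop alone wraps the buffer twice, the only time-dependent input in the quoted code is never hashed, so the output depends solely on the JVM's system properties.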

Offline AntiVirus

Re: Words can't describe....
« Reply #1 on: December 06, 2006, 04:56:40 pm »
Lmfao, what a waste of time and effort!
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

Offline disco

Re: Words can't describe....
« Reply #2 on: December 06, 2006, 05:11:59 pm »
I don't get it.

Offline Sidoh

Re: Words can't describe....
« Reply #3 on: December 06, 2006, 05:22:29 pm »
HAHAHA!

I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.

Offline Chavo

Re: Words can't describe....
« Reply #4 on: December 06, 2006, 05:49:02 pm »
Yea... I think it's less random than the API's Random.

Hilarious!

Offline MyndFyre

Re: Words can't describe....
« Reply #5 on: December 07, 2006, 07:52:00 pm »
Yea... I think it's less random than the API's Random.

It's definitely no more random than the API's.  Random without a seed will produce the same sequence given the same start time.  So will this.  The only difference is, Random is mathematically distributed, whereas hashing is not.

Offline Towelie

Re: Words can't describe....
« Reply #6 on: December 07, 2006, 11:54:10 pm »
HAHAHA!

I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

Offline Sidoh

Re: Words can't describe....
« Reply #7 on: December 08, 2006, 12:05:30 am »
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

The word 'asinine' reminds you of the redneck dictionary?  Hmm... :-\

;)

Offline disco

Re: Words can't describe....
« Reply #8 on: December 08, 2006, 12:38:20 am »
HAHAHA!

I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

I don't get it.

Offline iago

Re: Words can't describe....
« Reply #9 on: December 08, 2006, 08:27:39 am »
Yea... I think it's less random than the API's Random.

It's definitely no more random than the API's.  Random without a seed will produce the same sequence given the same start time.  So will this.  The only difference is, Random is mathematically distributed, whereas hashing is not.

Hashing isn't?  I thought the point of a good hashing algorithm is that it IS randomly distributed?

Offline Chavo

Re: Words can't describe....
« Reply #10 on: December 08, 2006, 09:51:26 am »
With hashing, given a static set of values you should always hash the same result... doesn't sound random to me ;)

Offline Joe

Re: Words can't describe....
« Reply #11 on: December 08, 2006, 10:17:19 am »
System time isn't a static value, though.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline AntiVirus

Re: Words can't describe....
« Reply #12 on: December 08, 2006, 11:08:51 am »
I'm not really sure what hashing is, but I know you can seed the random generator with the time(NULL) function.  The random generator is only "random" if you seed it with different starting numbers.

Offline Chavo

Re: Words can't describe....
« Reply #13 on: December 08, 2006, 11:23:05 am »
System time isn't a static value, though.
He's hashing time system properties (semi-static) and combining it with a hash of system time (non-static).  I don't think it takes a genius  to figure out that a static value + a random value is not more random than a random value by itself.  Furthermore, if you modulate a random number by a static number, you get a less random number.

Offline deadly7

Re: Words can't describe....
« Reply #14 on: December 08, 2006, 06:46:56 pm »
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

The word 'asinine' reminds you of the redneck dictionary?  Hmm... :-\

;)
In the case that you weren't kidding (highly improbable) and for disco's knowledge: See: Blue Collar TV.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine