Words can't describe....

Started by MyndFyre, December 06, 2006, 03:53:57 PM


MyndFyre

One of the first computer things to make me really laugh out loud.  This is from The Daily WTF:

J.S. Bangs sends us today's snippet, located deep within a Java codebase he's maintaining. The function, getRandomBits(), returns a 32-byte array of random bytes for security purposes. Since Java provides a Random method, this should be easy; in fact a proper implementation can be written in five lines:

public static byte[] getRandomBits() {
  byte[] random = new byte[32];
  new java.util.Random().nextBytes(random);
  return random;
}

Of course, J.S.'s predecessor found a more interesting way to do things. His version of getRandomBits did its job by:

* Enumerate all of the System properties
* Create an MD4 hash of all of the property key/value pairs
* Do a bitwise-XOR of the various hashes
* Throw in an MD4 hash of the current system time so that the value isn't always the same
* Bitwise-XOR that in there as well
* Return the result

The best thing J.S. could say about this code was "at least it's commented". I don't believe it within my ability however to do this code justice, so without further ado:

    public static byte[] innerGetRandomBits() {
        int pos = 0;
        int iters = 0;

        bits = new byte[(nbits + 7) / 8];

        for (int i = 0; i < bits.length; i++)
            bits[i] = (byte) 0;
       
        Enumeration e = null;
        try {
            e = System.getProperties().propertyNames();
        } catch (Exception ex) {
            // no need to do anything
        }

        MD4 hash = new MD4();
        int hash_count = 0;
        int hash_bytes = 0;

        long ms = System.currentTimeMillis();
        byte[] bytes = new byte[12];
        for (int i = 0; i < 8; i++) {
            bytes[i] = (byte) (ms & 0xffL);
            ms = ms >> 8;
        }
        int hn = System.identityHashCode(bytes);
        for (int i = 0; i < 4; i++) {
            bytes[i + 8] = (byte) (hn & 0xffL);
            hn = hn >> 8;
        }

        if (e != null)
            while (e.hasMoreElements()) {
                String key = (String) e.nextElement();
                if (key != null) {
                    String val = System.getProperty(key);
                    if (val != null) {

                        String pair = key + val;
                        bytes = pair.getBytes();
                        hash.engineUpdate(bytes, 0, bytes.length);
                        hash_bytes += bytes.length;

                        // when the hash input size is large enough ...
                        if (hash_bytes >= 128) {
                            hash_count++;
                            hash_bytes = 0;

                            // ... produce a digest and ...
                            byte[] digest = hash.engineDigest();
                            for (int i = 0; i < digest.length; i++) {

                                // ...fold it into the bit buffer
                                bits[pos] = (byte) (bits[pos] ^ digest[i]);
                                pos++;
                                if (pos == bits.length) {
                                    pos = 0;
                                    iters++;
                                }
                            } // end for
                        } // end if hash_bytes
                    } // end if val non null
                } // end if key non null
            } // end while e.hasMoreElements

        while (iters < 2) {
            for (int j = 512 / 8; j > 0; j--) {
                Thread.yield();
                ms = System.currentTimeMillis();
                for (int i = 0; i < 8; i++) {
                    bytes[i] = (byte) (ms & 0xffL);
                    ms = ms >> 8;
                }
                hash.engineUpdate(bytes, 0, 8);
                hash_bytes += 8;

                // when the hash input size is large enough ...
                if (hash_bytes >= 128) {
                    hash_count++;
                    hash_bytes = 0;

                    // ... produce a digest and ...
                    byte[] digest = hash.engineDigest();
                    for (int i = 0; i < digest.length; i++) {

                        // ...fold it into the bit buffer
                        bits[pos] = (byte) (bits[pos] ^ digest[i]);
                        pos++;
                        if (pos == bits.length) {
                            pos = 0;
                            iters++;
                        }
                    } // end for
                } // end if hash_bytes
            } // end for
        } // end while iters

        return bits;
    }
Quote from: Joe on January 23, 2011, 11:47:54 PM
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Quote from: Rule on May 26, 2009, 02:02:12 PM
Our species really annoys me.

AntiVirus

Lmfao, what a waste of time and effort!
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

disco


Sidoh

HAHAHA!

Quote from: disco on December 06, 2006, 05:11:59 PM
I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.

Chavo

Yea... I think it's less random than the API's Random.

Hilarious!

MyndFyre

Quote from: unTactical on December 06, 2006, 05:49:02 PM
Yea... I think it's less random than the API's Random.

It's definitely no more random than the API's.  Random without a seed will produce the same sequence given the same start time.  So will this.  The only difference is, Random is mathematically distributed, whereas hashing is not.

Towelie

Quote from: Sidoh on December 06, 2006, 05:22:29 PM
HAHAHA!

Quote from: disco on December 06, 2006, 05:11:59 PM
I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

Sidoh

Quote from: Towelie on December 07, 2006, 11:54:10 PM
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

The word 'asinine' reminds you of the redneck dictionary?  Hmm... :-\

;)

disco

Quote from: Towelie on December 07, 2006, 11:54:10 PM
Quote from: Sidoh on December 06, 2006, 05:22:29 PM
HAHAHA!

Quote from: disco on December 06, 2006, 05:11:59 PM
I don't get it.

He makes the method far more difficult, inefficient and painful than is necessary.  I'm pretty sure the creators of Java made a decent random number generator.  This guy's idea is totally asinine.
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

I don't get it.

iago

Quote from: MyndFyre[x86]
Quote from: unTactical on December 06, 2006, 05:49:02 PM
Yea... I think it's less random than the API's Random.

It's definitely no more random than the API's.  Random without a seed will produce the same sequence given the same start time.  So will this.  The only difference is, Random is mathematically distributed, whereas hashing is not.

Hashing isn't?  I thought the point of a good hashing algorithm is that it IS randomly distributed?

Chavo

With hashing, given a static set of values you should always hash the same result... doesn't sound random to me ;)

Joe

System time isn't a static value, though.
Quote from: Camel on June 09, 2009, 04:12:23 PM
I'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


AntiVirus

I'm not really sure what hashing is, but I know you can seed the random generator with the time(NULL) function.  The random generator is only "random" if you seed it with different starting numbers.

Chavo

Quote from: Joe[x86]
System time isn't a static value, though.
He's hashing time system properties (semi-static) and combining it with a hash of system time (non-static).  I don't think it takes a genius  to figure out that a static value + a random value is not more random than a random value by itself.  Furthermore, if you modulate a random number by a static number, you get a less random number.
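
Added example, not part of the thread or of the Daily WTF article: a simplified model of the routine discussed above, next to java.util.Random and java.security.SecureRandom, showing that the first two are pure functions of their inputs (the comparisons come out equal) while SecureRandom draws from the OS entropy source. Assumptions: SHA-256 stands in for MD4, which the JDK does not ship; the class and method names (RandomBitsDemo, homemade, fromRandom) are hypothetical; the property values and timestamp are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Random;
import java.util.TreeMap;

public class RandomBitsDemo {
    // Simplified model of the thread's routine: a digest over key+value pairs plus a
    // millisecond timestamp. SHA-256 is an assumed stand-in for the original's MD4.
    static byte[] homemade(Map<String, String> props, long millis) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (Map.Entry<String, String> e : props.entrySet()) {
            md.update((e.getKey() + e.getValue()).getBytes(StandardCharsets.UTF_8));
        }
        for (int i = 0; i < 8; i++) {              // same low-byte-first packing as the original
            md.update((byte) (millis >> (8 * i)));
        }
        return md.digest();                         // 32 bytes
    }

    // java.util.Random: the whole output stream is determined by the seed.
    static byte[] fromRandom(long seed) {
        byte[] out = new byte[32];
        new Random(seed).nextBytes(out);
        return out;
    }

    // What security code should call instead: the platform CSPRNG.
    static byte[] getRandomBits() {
        byte[] out = new byte[32];
        new SecureRandom().nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> props = new TreeMap<>();    // constructed sample properties
        props.put("java.version", "1.5.0");
        props.put("os.name", "Linux");
        long t = 1165442037000L;                        // constructed timestamp

        System.out.println("homemade, same inputs equal: " + Arrays.equals(homemade(props, t), homemade(props, t)));
        System.out.println("Random, same seed equal:     " + Arrays.equals(fromRandom(t), fromRandom(t)));
        System.out.println("SecureRandom calls equal:    " + Arrays.equals(getRandomBits(), getRandomBits()));
    }
}
```

The system properties are the same on every run of a given installation, so the clock is the only input to the homemade version that changes between calls.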

deadly7

Quote from: Sidoh on December 08, 2006, 12:05:30 AM
Quote from: Towelie on December 07, 2006, 11:54:10 PM
Reminds me of the redneck dictionary. "I'll give her face a two, and her asinine (ass a nine)"
Anyways, rofl!

The word 'asinine' reminds you of the redneck dictionary?  Hmm... :-\

;)
In the case that you weren't kidding (highly improbable) and for disco's knowledge: See: Blue Collar TV.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
[17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine