Archive for October, 2009

Password generation

October 21st, 2009 No comments

This summer, I wrote some useful java classes for generating random passwords.

Creating random password can be useful in situations such as the following:

  • A user forgot his password for our application. Our application sends an email with a new temporary password.
  • We want to verify, if a mobile phone number submitted by user is correct. Our application sends an SMS with the new temporary password.
  • A user of our application creates a new account for his colleague or family member. Our application creates a temporary password for that account.
  • For our own purposes. We want to create a good password for our personal usage.

Creating a random password is not so easy as might by thought. There are two commons errors with this:

  1. The password generated is an inelegant word, for example: “1something2″. We doesn’t want to send such a password to our potential clients.
  2. The password generated contains problematic characters, for example: “1″ and “l” or “O” and “0″. There is a problem, when the user rewrites the password from one device to another, e.g.: from a mobile phone to a web application running on a laptop.

That’s why in my application I create password in the form: 2 letters followed by 1 digit followed by 2 letters followed by 1 digit and so on. For example: ab2cd3ef4. Of course, the randomly – generated password contains only safe characters.

I decided to publish this classes to the open source community. You can use my library in your application on LGPL terms. Here is an example of usage:

// create a new one time password for sending via sms or email
// (4 chars - about 1e5 unique combination)
String password = new PasswordGenerator().generate();
// create a new strong password
// (8 chars - about 1e10 combination)
String strongPassword = new StrongPasswordGenerator().generate()

Using this library is simply for maven2 fans. If you are not already a fan of maven2, I advise you to become one. In your maven2 application in pom.xml file add a dependency:


You have to download and build the source by typing:

svn checkout jakubiak-generators-read-only
cd jakubiak-generators-read-only/jakubiak-generators/
mvn clean install

You should see the success message. Now the installation is completed and you can use this library.

By the way, I also wrote classes for creating a random MD5 number and for creating a random key. MD5 is obvious. The random MD5 numbers are commonly used in web applications, for example as a session cookie. In such a scenario a KeyGenerator class is an improved replacement for the random MD5. The KeyGenerator class create a huge random number bigger than the MD5. (“Bigger” in this case means a potentially larger number is possible). This number is encoded using 62 safe for URLs chars: a-z, A-Z, 0-9. Thanks to that its string representation is shorter and more safe than a hexadecimal encoded MD5.

// create a statistically unique key
// (22 chars safely for URLS - about 2e39 unique combination)
String key = new KeyGenerator().generate();
// create a random MD5 and encode it hexadecimal
// (32chars - 2^128 combination)
String md5 = new Md5HexGenerator().generate();

You can also write your own generator, by implementing IGenerator interface.

Categories: Java Tags: , ,

RTMP – how it make YouTube?

October 7th, 2009 2 comments

There is a problem with RTMP. It works on 1935 port. In fact it’s not a problem with RTMP but with ISP. ISP like filtering internet traffic and like packets queuing. That’s why connections on port 1935 – which is not wheel – known in Internet – work worse than connection on port 80. Adobe know that and have introduced RTMPT, which is an encapsulation of RTMP in HTTP, which works on port 80.

YouTube does something else. You see, You Tube allows recording from web cam. It uses RTMP to do that, but RTMP works on HTTP (80) port. I noticed it by using NetLimiter.

I decided to check it carefully. Is it RTMP on its unusual port or is it usual RTMPT? Using Wireshark as my oxygen supply, I dove deep in the hidden depths of the system. Wireshark allows me to sniff internet traffic. I was wondering what exactly my laptop send to YouTube. I would have expected many POST requests for RTMPT. There weren’t. It was something like

instead. rtmp:/… – 99% YouTube use RTMP on port 80.

It’s an interesting idea. I can check it out to give me an idea of how to write similar routines.


Categories: Uncategorized Tags: ,