Code Smell 284 – Encrypted Functions
Cryptic Code is Bad Code
TL;DR: Avoid obfuscated functions in your code.
This article is based on a real social hacking event disguised as a job interview
Problems
- Hidden vulnerabilities
- Readability
- Testability
- Trust issues
- Bad Naming
Solutions
- Use clear names
- Avoid obfuscation
- Explain intent clearly
- Review shared code
- Don’t trust code from unreliable sources
- Avoid modification since it is a sign of Premature Optimization
Context
When you write functions with cryptic or obfuscated names, you make your code unreadable and untrustworthy. This pattern often hides malicious intent or makes debugging and collaboration unnecessarily hard. Cryptic code also frustrates team members and future maintainers, increasing technical debt and security risks. Remember, hacking has a strong social component compared to what you see in Hollywood movies.
Sample Code
Wrong
function _0xaexad(_0x12bfc3, _0x43a1e9) {
return _0x12bfc3 ^ _0x43a1e9;
}
const result = _0xaexad(0x1a, 0x2f);
console.log(result);
Right
function xorOperation(orValue1, orValue2) {
return orValue1 ^ orValue2;
}
const result = xorOperation(26, 47);
console.log(result);
Detection
You can detect this smell by scanning your codebase for meaningless or obfuscated function names. Use linters or code analysis tools to flag short, cryptic, or randomly named functions. Manual code reviews can also help identify suspicious patterns.
Tags
Level
Why the Bijection Is Important
Readable and meaningful names create a one-to-one correspondence between the real-world concept and your code.
Breaking this connection makes your program confusing and error-prone.
AI Generation
AI generators sometimes produce cryptic function names, especially when they optimize for brevity or imitate obfuscated patterns.
AI Detection
AI tools can detect and fix this smell when you ask them to refactor unclear function names or enforce coding standards.
They can analyze your entire codebase and suggest meaningful replacements for obfuscated names.
Try Them!
Remember: AI Assistants make lots of mistakes
Conclusion
Avoid obfuscating your function names.
Write code that communicates your intent.
When you prioritize readability, you make your software easier to understand, debug, and maintain.
Cryptic code might look clever, but it adds unnecessary complexity.
Related Reading
https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxviii
https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xliii
https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-ii-o96s3wl4
https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-iv-7sc3w8n
More Info
Disclaimer: Code Smells are my opinion.
The strength of a cryptographic system depends entirely on the strength of its weakest component.
– Bruce Schneier
This article is part of the CodeSmell Series.