Cryptic Code is Bad Code
TL;DR: Avoid obfuscated functions in your code.
This article is based on a real case of social hacking disguised as a job interview.
Problems
Hidden vulnerabilities
Readability
Testability
Trust issues
Bad Naming
Solutions
Use clear names
Avoid obfuscation
Explain intent clearly
Review shared code
Don't trust code from unreliable sources
Avoid modification since it is a sign of Premature Optimization
Context
When you write functions with cryptic or obfuscated names, you make your code unreadable and untrustworthy.
This pattern often hides malicious intent or makes debugging and collaboration unnecessarily hard.
Cryptic code also frustrates team members and future maintainers, increasing technical debt and security risks.
Remember that real hacking has a much stronger social component than what you see in Hollywood movies.
Sample Code
Wrong
function _0xaexad(_0x12bfc3, _0x43a1e9) {
  return _0x12bfc3 ^ _0x43a1e9;
}
const result = _0xaexad(0x1a, 0x2f);
console.log(result);
Right
function xorOperation(orValue1, orValue2) {
  return orValue1 ^ orValue2;
}
const result = xorOperation(26, 47);
console.log(result);
Detection
[X] Automatic
You can detect this smell by scanning your codebase for meaningless or obfuscated function names.
Use linters or code analysis tools to flag short, cryptic, or randomly named functions.
Manual code reviews can also help identify suspicious patterns.
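One way to automate this check, as an added example that is not part of the original article: a small regex-based scanner that flags function and parameter names matching three heuristics. The rule set, its thresholds, and the names findCrypticNames, classify, RULES and PATTERNS are assumptions made for illustration; a production linter would work on a parsed syntax tree rather than on regular expressions.

```javascript
// Added example: heuristic scanner for cryptic function and parameter names.
// Rules and thresholds are illustrative assumptions, not an established standard.
const RULES = [
  // Prefix emitted by common JavaScript obfuscators, as in the article's "Wrong" sample.
  { id: 'obfuscator-prefix', test: (name) => /^_0x[0-9a-z]+$/i.test(name) },
  // Fewer than three characters once leading _ or $ is stripped.
  { id: 'too-short', test: (name) => name.replace(/^[_$]+/, '').length < 3 },
  // Four or more characters with no vowel usually means a random or over-abbreviated name.
  { id: 'no-vowels', test: (name) => name.length >= 4 && !/[aeiou]/i.test(name) },
];

const PATTERNS = [
  /function\s+([\w$]+)\s*\(([^)]*)\)/g, // function name(a, b)
  /(?:const|let|var)\s+([\w$]+)\s*=\s*(?:async\s*)?\(([^)]*)\)\s*=>/g, // const name = (a, b) =>
];

// Returns the id of the first rule the name violates, or null if it looks fine.
function classify(name) {
  const hit = RULES.find((rule) => rule.test(name));
  return hit ? hit.id : null;
}

// Scans source text line by line and reports every flagged function or parameter name.
function findCrypticNames(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const pattern of PATTERNS) {
      for (const [, fnName, rawParams] of text.matchAll(pattern)) {
        const params = rawParams.split(',').map((p) => p.split('=')[0].trim()).filter(Boolean);
        const candidates = [['function', fnName], ...params.map((p) => ['parameter', p])];
        for (const [kind, name] of candidates) {
          const rule = classify(name);
          if (rule) findings.push({ line: index + 1, kind, name, rule });
        }
      }
    }
  });
  return findings;
}

// Constructed sample input: the two function declarations shown in the article.
const SAMPLE = [
  'function _0xaexad(_0x12bfc3, _0x43a1e9) { return _0x12bfc3 ^ _0x43a1e9; }',
  'function xorOperation(orValue1, orValue2) { return orValue1 ^ orValue2; }',
].join('\n');

for (const f of findCrypticNames(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind} "${f.name}" flagged by ${f.rule}`);
}
```

A finding is a prompt for manual review, not proof of malicious intent: short loop counters and legitimately minified bundles will also trip these rules.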
Tags
- Security
Level
[X] Intermediate
Why the Bijection Is Important
Readable and meaningful names create a one-to-one correspondence between the real-world concept and your code.
Breaking this connection makes your program confusing and error-prone.
AI Generation
AI generators sometimes produce cryptic function names, especially when they optimize for brevity or imitate obfuscated patterns.
AI Detection
AI tools can detect and fix this smell when you ask them to refactor unclear function names or enforce coding standards.
They can analyze your entire codebase and suggest meaningful replacements for obfuscated names.
Try Them!
Remember: AI Assistants make lots of mistakes
Without Proper Instructions | With Specific Instructions |
---|---|
ChatGPT | ChatGPT |
Claude | Claude |
Perplexity | Perplexity |
Copilot | Copilot |
Gemini | Gemini |
Conclusion
Avoid obfuscating your function names.
Write code that communicates your intent.
When you prioritize readability, you make your software easier to understand, debug, and maintain.
Cryptic code might look clever, but it adds unnecessary complexity.
Relations
Code Smell 215 - Deserializing Object Vulnerability
Maxi Contieri ・ Jun 1 '23
Code Smell 20 - Premature Optimization
Maxi Contieri ・ Nov 8 '20
More Info
Disclaimer
Code Smells are my opinion.
Credits
Photo by Nikita Pavlov on Unsplash
The strength of a cryptographic system depends entirely on the strength of its weakest component.
Bruce Schneier
Software Engineering Great Quotes
Maxi Contieri ・ Dec 28 '20
This article is part of the CodeSmell Series.