jnanoid | A unique string ID generator for Java | Generator Utils library

In the loop we're attempting to choose a random member (letter) of our alphabet on each loop iteration. Note that this can fail in a given loop iteration because we can get an index greater than the length of our alphabet. We're choosing our letter by creating an array of random bytes. We then use just enough bits of each random byte to ensure we can choose any letter in the alphabet. So if our alphabet has two characters one bit will be enough, since it can have value 0 or 1. If our alphabet has 9 characters we need four bits, since three bits can only represent 8 values (0-7). This is what the mask is. We're masking off the bottom four bits of the random byte and using those as an index into our alphabet. So if our random byte is 11000110 we use the bottom four bits (0110) in my example for a 9-character alphabet. 0110 is 6 in decimal, so we pick the letter at index 6 in our character array. Now you can see how it can fail. If our random byte is 01001101 then we mask 1101 which is 13 in decimal, which is beyond the end of our 9-letter alphabet. As mentioned, the code to set up the mask ensures that it is long enough to cover the entire alphabet using this algorithm, but it can't prevent it being too long.

I have to say step looks a bit arbitrary to me. If you look at the loop step is the number of bytes we are trying in an attempt to get a random string of length size. We've seen that an individual loop iteration can fail to pick a letter, so step needs to be bigger than just size. How much longer depends on how big mask is relative to our alphabet length, so multiplying by mask/alphabet.length makes sense. We can still fail to pick enough random letters with just that though, so we bump up by what looks like an arbitrary factor of 1.6. Of course we can STILL fail (all of our random bytes could point to letters beyond the end of the alphabet), which is why we have while(true) in there: if it does fail we try again.