Password Generator

This is a discussion on Password Generator within the C Programming forums, part of the General Programming Boards category; I'm creating a password generator to 1) Make a utility that can help those who can't think of random, and ...

  1. #1
    Registered User
    Join Date
    Nov 2007
    Posts
    3

    Question Password Generator

    I'm creating a password generator to 1) Make a utility that can help those who can't think of random, and safe, passwords to use to protect personal, even important, information; 2) To create a source to help those who wish to learn more of input/output of files; and 3) (most importantly) to learn more, to gain a little more knowledge that could, some day, help me succeed in larger, more complex projects.

    Here's the source and the error messages I'm receiving:
    Code:
    #include<stdio.h>
    #include<stdlib.h>
    
    #define LEN 20
    
    int main() {
        FILE *fp;
        int x;
        char random;
        char pass[21];
        
        fp = fopen("pass.txt", "w");
        
        if (fp == NULL) {
           fprintf(stderr, "Can't open output file!\n");
           exit(1);
        }
    
        
    
    
        for(x=0; x<LEN; x++) {
                random = rand()&#37;5+62;
                pass = strncat(random, pass, 21);
        }
    
        getchar();
        return 0;
    }
    Errors/Warnings:
    [Warning] passing arg 1 of `strncat' makes pointer from integer without a cast
    incompatible types in assignment

    I'm using Bloodshed Dev-C++ (I've always used it).

    Post any code corrections or ideas that may help.

    Thank you!

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    First of all, your strncat is the wrong way around [it's strncat(dest, src, size)]

    Second, your "random" is a single char, so strncat can't "append" it, since it's not actually a string. You may not realize the difference, but a string is a "sequence of zero or more characters terminated by a zero-character", whilst a char is "exactly one character".

    The reason the compiler says what it does, is that the first two parameters to strncat() are representing a string as "a pointer to a sequence of characters (terminated bya zero-character)".

    I personally would do the appending of a single character by hand, using an index into the string.

    I would also like to say that a 20 character long password is terribly hard to remember. 8-10 letters is sufficent to make it HARD to guess. Remember, each letter you add makes it approximately 25 times harder to guess. 25^8 - that gives 152 G combinations. [And I'm currently assuming that you use alphabet only. Add in the possibilities of another 15 or so digits and puncuation marks, difference betwen upper and lower case, which gives us 25 * 2 + 15 -> 65 different "characters"], which gives 318 T combination. If a 2GHz computer could generate 1 every clock-cycle, it would take 318000 seconds to work through all 8 letter combinations. That's a mere 4 days or so. But since passwords are usually stored as some complex HASH-number, we end up with something that takes thousands of cycles just to create the and compare the hash. So instead of 4 days, we're talking 4000 days, or a little over 10 years for one machine. Of course only one year if you have 1000 machines working on it.

    Of course, ten letter password would take 4225 times longer - so now we need 4 million machines working full force 24/7 for a year before we have cracked the password - ok, so on average, over a large number of passwords, you may only take half that time - but it's an awfull lot of computing power to spend for getting into someones personal secrets. And if it's really valuable stuff, then you probably don't want a "random password generator" as your "security option".

    Sorry for the length of that...

    --
    Mats

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  3. #3
    Registered User
    Join Date
    Nov 2007
    Posts
    3
    Quote Originally Posted by matsp View Post
    First of all, your strncat is the wrong way around [it's strncat(dest, src, size)]

    Second, your "random" is a single char, so strncat can't "append" it, since it's not actually a string. You may not realize the difference, but a string is a "sequence of zero or more characters terminated by a zero-character", whilst a char is "exactly one character".

    The reason the compiler says what it does, is that the first two parameters to strncat() are representing a string as "a pointer to a sequence of characters (terminated bya zero-character)".

    I personally would do the appending of a single character by hand, using an index into the string.

    I would also like to say that a 20 character long password is terribly hard to remember. 8-10 letters is sufficent to make it HARD to guess. Remember, each letter you add makes it approximately 25 times harder to guess. 25^8 - that gives 152 G combinations. [And I'm currently assuming that you use alphabet only. Add in the possibilities of another 15 or so digits and puncuation marks, difference betwen upper and lower case, which gives us 25 * 2 + 15 -> 65 different "characters"], which gives 318 T combination. If a 2GHz computer could generate 1 every clock-cycle, it would take 318000 seconds to work through all 8 letter combinations. That's a mere 4 days or so. But since passwords are usually stored as some complex HASH-number, we end up with something that takes thousands of cycles just to create the and compare the hash. So instead of 4 days, we're talking 4000 days, or a little over 10 years for one machine. Of course only one year if you have 1000 machines working on it.

    Of course, ten letter password would take 4225 times longer - so now we need 4 million machines working full force 24/7 for a year before we have cracked the password - ok, so on average, over a large number of passwords, you may only take half that time - but it's an awfull lot of computing power to spend for getting into someones personal secrets. And if it's really valuable stuff, then you probably don't want a "random password generator" as your "security option".

    Sorry for the length of that...

    --
    Mats

    --
    Mats
    Thank you so much! Early morning (Worked on it around 6 AM) programming makes a messy programmer.
    This project is just for learning purposes, so it's not really recommended to use, just to look at the source to learn.
    Also, I use 20+ character passwords myself, I may just be paranoid, but it's how I work.

    Code:
    #include<stdio.h>
    #include<stdlib.h>
    
    #define LEN 20
    
    int main() {
        FILE *fp;
        int x;
        char random;
        char pass[21];
        
        fp = fopen("pass.txt", "w");
        
        for(x=0; x<LEN; x++) {
                random = strcopy(random,rand()%5+62);
                pass[x] = random;
        }
        pass[21] = '\n';
        fprintf(fp,pass,"w");
        
        getchar();
        return 0;
    }
    New code, now I'm getting these:
    [Linker error] undefined reference to `strcopy'
    ld returned 1 exit status

    Sorry if it's an obvious answer, I'm looking at everything right now trying to find the answer.

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    If you mean "strcpy" then it's got exactly the same problem as strncat() - it takes two strings as argument.

    If you have a 20 character password, then you probably should consider whether it's easily crackable or not - a password that consists of "words" is usually easy to crack. It is better to have something shorter that doesn't contain just letters. Using digits and punctuation marks makes it much less likely to be found through "lookup" [that means, you use a dictionary to list all words as passwords, or pairs of words, and then compare the resulting password hashes with the passwords of the system.]

    Billboard is a bad password.

    B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].

    Of course, it's still not ideal. A good password is
    F-rp4#rb% - but that means absolutely nothing to me, and as far as I know, no-one else - it was just something I randomly typed on the keyboard to make up a "good password". The fact that it means nothing to anyone makes it good, because it's "impossible" to guess, right? But it's also almost impossible to remember...

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    Registered User
    Join Date
    Nov 2007
    Posts
    3
    Quote Originally Posted by matsp View Post
    If you mean "strcpy" then it's got exactly the same problem as strncat() - it takes two strings as argument.

    If you have a 20 character password, then you probably should consider whether it's easily crackable or not - a password that consists of "words" is usually easy to crack. It is better to have something shorter that doesn't contain just letters. Using digits and punctuation marks makes it much less likely to be found through "lookup" [that means, you use a dictionary to list all words as passwords, or pairs of words, and then compare the resulting password hashes with the passwords of the system.]

    Billboard is a bad password.

    B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].

    Of course, it's still not ideal. A good password is
    F-rp4#rb% - but that means absolutely nothing to me, and as far as I know, no-one else - it was just something I randomly typed on the keyboard to make up a "good password". The fact that it means nothing to anyone makes it good, because it's "impossible" to guess, right? But it's also almost impossible to remember...

    --
    Mats
    Wow I let hands go and type an o in there. And I had made random an array beforehand so I put strcpy in to make it work, I took it out and now it works!

    Thank you so much for all of your help!

    Code:
    #include<stdio.h>
    #include<stdlib.h>
    #include <time.h>
    
    #define LEN 20
    
    int main() {
        FILE *fp;
        int x;
        char random;
        char pass[21];
        
        fp = fopen("pass.txt", "w");
        
        srand((unsigned int)time(0));
        
        for(x=0; x<LEN; x++) { 
                random = rand()%5+62;
                pass[x] = random;
        }
        printf("%s", pass);
        fprintf(fp,pass,"w");
        
        getchar();
        return 0;
    }
    Last edited by My Overflow; 11-17-2007 at 09:45 AM. Reason: Found the problem

  6. #6
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,045
    Billboard is a bad password.

    B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].
    Not much better . . . I read something on Wikipedia the other day about this. It seems that most dictionary password breakers have this sort of thing integrated into them. I thought it was here, but I can't find it now. http://en.wikipedia.org/wiki/Password_cracking

    Also see this (I know it's not a real generator, but still): http://en.wikipedia.org/wiki/Random_password_generator
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  7. #7
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    Quote Originally Posted by My Overflow View Post
    Here's the source and the error messages I'm receiving:
    Code:
    #include<stdio.h>
    
    #include<stdlib.h>
    
    #define LEN 20
    ...
    Errors/Warnings:
    [Warning] passing arg 1 of `strncat' makes pointer from integer without a cast
    incompatible types in assignment

    Post any code corrections or ideas that may help. Thank you!
    I know you've re-done your program (very nicely btw), but I wanted to add that when you use a string keyword, you need to include string.h in your program.

  8. #8
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,045
    Quote Originally Posted by Adak View Post
    I know you've re-done your program (very nicely btw), but I wanted to add that when you use a string keyword, you need to include string.h in your program.
    Just to clarify: whenever you use a function from a header file, you need to include that header file.

    Functions from string.h are often called str*(), like strcpy(), strcspn(), or strncat(), although not always. http://www.cppreference.com/stdstring/index.html

    @Adak: At first I thought you were talking about C++'s std::string. "string" isn't a keyword in C or C++ . . .
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. help with password list generator
    By casper29 in forum C Programming
    Replies: 4
    Last Post: 02-12-2009, 01:23 AM
  2. [Q]Hide Password
    By Yuri in forum C++ Programming
    Replies: 14
    Last Post: 03-02-2006, 02:42 AM
  3. NAQ: Everything you never wanted to know about CPP
    By evildave in forum C Programming
    Replies: 21
    Last Post: 12-12-2005, 09:56 AM
  4. written command line password generator
    By lepricaun in forum C Programming
    Replies: 15
    Last Post: 08-17-2004, 08:42 PM
  5. Random Password Generator v1.0 - download it
    By GaPe in forum A Brief History of Cprogramming.com
    Replies: 3
    Last Post: 08-18-2002, 01:27 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21