Password Generator

I'm creating a password generator to 1) Make a utility that can help those who can't think of random, and safe, passwords to use to protect personal, even important, information; 2) To create a source to help those who wish to learn more of input/output of files; and 3) (most importantly) to learn more, to gain a little more knowledge that could, some day, help me succeed in larger, more complex projects.

Here's the source and the error messages I'm receiving:

Code:

#include<stdio.h>
#include<stdlib.h>

#define LEN 20

int main() {
    FILE *fp;
    int x;
    char random;
    char pass[21];
    
    fp = fopen("pass.txt", "w");
    
    if (fp == NULL) {
       fprintf(stderr, "Can't open output file!\n");
       exit(1);
    }

    


    for(x=0; x<LEN; x++) {
            random = rand()&#37;5+62;
            pass = strncat(random, pass, 21);
    }

    getchar();
    return 0;
}

Errors/Warnings:
[Warning] passing arg 1 of `strncat' makes pointer from integer without a cast
incompatible types in assignment

I'm using Bloodshed Dev-C++ (I've always used it).

Post any code corrections or ideas that may help.

Thank you!

First of all, your strncat is the wrong way around [it's strncat(dest, src, size)]

Second, your "random" is a single char, so strncat can't "append" it, since it's not actually a string. You may not realize the difference, but a string is a "sequence of zero or more characters terminated by a zero-character", whilst a char is "exactly one character".

The reason the compiler says what it does, is that the first two parameters to strncat() are representing a string as "a pointer to a sequence of characters (terminated bya zero-character)".

I personally would do the appending of a single character by hand, using an index into the string.

I would also like to say that a 20 character long password is terribly hard to remember. 8-10 letters is sufficent to make it HARD to guess. Remember, each letter you add makes it approximately 25 times harder to guess. 25^8 - that gives 152 G combinations. [And I'm currently assuming that you use alphabet only. Add in the possibilities of another 15 or so digits and puncuation marks, difference betwen upper and lower case, which gives us 25 * 2 + 15 -> 65 different "characters"], which gives 318 T combination. If a 2GHz computer could generate 1 every clock-cycle, it would take 318000 seconds to work through all 8 letter combinations. That's a mere 4 days or so. But since passwords are usually stored as some complex HASH-number, we end up with something that takes thousands of cycles just to create the and compare the hash. So instead of 4 days, we're talking 4000 days, or a little over 10 years for one machine. Of course only one year if you have 1000 machines working on it.

Of course, ten letter password would take 4225 times longer - so now we need 4 million machines working full force 24/7 for a year before we have cracked the password - ok, so on average, over a large number of passwords, you may only take half that time - but it's an awfull lot of computing power to spend for getting into someones personal secrets. And if it's really valuable stuff, then you probably don't want a "random password generator" as your "security option".

Sorry for the length of that...

--
Mats

--
Mats

Originally Posted by matsp

First of all, your strncat is the wrong way around [it's strncat(dest, src, size)]

Second, your "random" is a single char, so strncat can't "append" it, since it's not actually a string. You may not realize the difference, but a string is a "sequence of zero or more characters terminated by a zero-character", whilst a char is "exactly one character".

The reason the compiler says what it does, is that the first two parameters to strncat() are representing a string as "a pointer to a sequence of characters (terminated bya zero-character)".

I personally would do the appending of a single character by hand, using an index into the string.

I would also like to say that a 20 character long password is terribly hard to remember. 8-10 letters is sufficent to make it HARD to guess. Remember, each letter you add makes it approximately 25 times harder to guess. 25^8 - that gives 152 G combinations. [And I'm currently assuming that you use alphabet only. Add in the possibilities of another 15 or so digits and puncuation marks, difference betwen upper and lower case, which gives us 25 * 2 + 15 -> 65 different "characters"], which gives 318 T combination. If a 2GHz computer could generate 1 every clock-cycle, it would take 318000 seconds to work through all 8 letter combinations. That's a mere 4 days or so. But since passwords are usually stored as some complex HASH-number, we end up with something that takes thousands of cycles just to create the and compare the hash. So instead of 4 days, we're talking 4000 days, or a little over 10 years for one machine. Of course only one year if you have 1000 machines working on it.

Of course, ten letter password would take 4225 times longer - so now we need 4 million machines working full force 24/7 for a year before we have cracked the password - ok, so on average, over a large number of passwords, you may only take half that time - but it's an awfull lot of computing power to spend for getting into someones personal secrets. And if it's really valuable stuff, then you probably don't want a "random password generator" as your "security option".

Sorry for the length of that...

--
Mats

--
Mats

Thank you so much! Early morning (Worked on it around 6 AM) programming makes a messy programmer.
This project is just for learning purposes, so it's not really recommended to use, just to look at the source to learn.
Also, I use 20+ character passwords myself, I may just be paranoid, but it's how I work.

Code:

#include<stdio.h>
#include<stdlib.h>

#define LEN 20

int main() {
    FILE *fp;
    int x;
    char random;
    char pass[21];
    
    fp = fopen("pass.txt", "w");
    
    for(x=0; x<LEN; x++) {
            random = strcopy(random,rand()%5+62);
            pass[x] = random;
    }
    pass[21] = '\n';
    fprintf(fp,pass,"w");
    
    getchar();
    return 0;
}

New code, now I'm getting these:
[Linker error] undefined reference to `strcopy'
ld returned 1 exit status

Sorry if it's an obvious answer, I'm looking at everything right now trying to find the answer.

If you mean "strcpy" then it's got exactly the same problem as strncat() - it takes two strings as argument.

If you have a 20 character password, then you probably should consider whether it's easily crackable or not - a password that consists of "words" is usually easy to crack. It is better to have something shorter that doesn't contain just letters. Using digits and punctuation marks makes it much less likely to be found through "lookup" [that means, you use a dictionary to list all words as passwords, or pairs of words, and then compare the resulting password hashes with the passwords of the system.]

Billboard is a bad password.

B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].

Of course, it's still not ideal. A good password is
F-rp4#rb% - but that means absolutely nothing to me, and as far as I know, no-one else - it was just something I randomly typed on the keyboard to make up a "good password". The fact that it means nothing to anyone makes it good, because it's "impossible" to guess, right? But it's also almost impossible to remember...

--
Mats

Originally Posted by matsp

If you mean "strcpy" then it's got exactly the same problem as strncat() - it takes two strings as argument.

If you have a 20 character password, then you probably should consider whether it's easily crackable or not - a password that consists of "words" is usually easy to crack. It is better to have something shorter that doesn't contain just letters. Using digits and punctuation marks makes it much less likely to be found through "lookup" [that means, you use a dictionary to list all words as passwords, or pairs of words, and then compare the resulting password hashes with the passwords of the system.]

Billboard is a bad password.

B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].

Of course, it's still not ideal. A good password is
F-rp4#rb% - but that means absolutely nothing to me, and as far as I know, no-one else - it was just something I randomly typed on the keyboard to make up a "good password". The fact that it means nothing to anyone makes it good, because it's "impossible" to guess, right? But it's also almost impossible to remember...

--
Mats

Wow I let hands go and type an o in there. And I had made random an array beforehand so I put strcpy in to make it work, I took it out and now it works!

Thank you so much for all of your help!

Code:

#include<stdio.h>
#include<stdlib.h>
#include <time.h>

#define LEN 20

int main() {
    FILE *fp;
    int x;
    char random;
    char pass[21];
    
    fp = fopen("pass.txt", "w");
    
    srand((unsigned int)time(0));
    
    for(x=0; x<LEN; x++) { 
            random = rand()%5+62;
            pass[x] = random;
    }
    printf("%s", pass);
    fprintf(fp,pass,"w");
    
    getchar();
    return 0;
}

Billboard is a bad password.

B!llb04rd is much better password - it's certainly not in a dictionary, and it's a combination of all three of letters, numbers and punctuation. And equally easy or hard to remember. [Well, you have to remember what letters you replace with what numbers/punctuations].

Not much better . . . I read something on Wikipedia the other day about this. It seems that most dictionary password breakers have this sort of thing integrated into them. I thought it was here, but I can't find it now. http://en.wikipedia.org/wiki/Password_cracking

Also see this (I know it's not a real generator, but still): http://en.wikipedia.org/wiki/Random_password_generator

Originally Posted by My Overflow

Here's the source and the error messages I'm receiving:

Code:

#include<stdio.h>

#include<stdlib.h>

#define LEN 20
...

Errors/Warnings:
[Warning] passing arg 1 of `strncat' makes pointer from integer without a cast
incompatible types in assignment

Post any code corrections or ideas that may help. Thank you!

I know you've re-done your program (very nicely btw), but I wanted to add that when you use a string keyword, you need to include string.h in your program.

Originally Posted by Adak

I know you've re-done your program (very nicely btw), but I wanted to add that when you use a string keyword, you need to include string.h in your program.

Just to clarify: whenever you use a function from a header file, you need to include that header file.

Functions from string.h are often called str*(), like strcpy(), strcspn(), or strncat(), although not always. http://www.cppreference.com/stdstring/index.html

@Adak: At first I thought you were talking about C++'s std::string. "string" isn't a keyword in C or C++ . . .