First of all, your strncat is the wrong way around [it's strncat(dest, src, size)]
Second, your "random" is a single char, so strncat can't "append" it, since it's not actually a string. You may not realize the difference, but a string is a "sequence of zero or more characters terminated by a zero-character", whilst a char is "exactly one character".
The reason the compiler says what it does, is that the first two parameters to strncat() are representing a string as "a pointer to a sequence of characters (terminated bya zero-character)".
I personally would do the appending of a single character by hand, using an index into the string.
I would also like to say that a 20 character long password is terribly hard to remember. 8-10 letters is sufficent to make it HARD to guess. Remember, each letter you add makes it approximately 25 times harder to guess. 25^8 - that gives 152 G combinations. [And I'm currently assuming that you use alphabet only. Add in the possibilities of another 15 or so digits and puncuation marks, difference betwen upper and lower case, which gives us 25 * 2 + 15 -> 65 different "characters"], which gives 318 T combination. If a 2GHz computer could generate 1 every clock-cycle, it would take 318000 seconds to work through all 8 letter combinations. That's a mere 4 days or so. But since passwords are usually stored as some complex HASH-number, we end up with something that takes thousands of cycles just to create the and compare the hash. So instead of 4 days, we're talking 4000 days, or a little over 10 years for one machine. Of course only one year if you have 1000 machines working on it.
Of course, ten letter password would take 4225 times longer - so now we need 4 million machines working full force 24/7 for a year before we have cracked the password - ok, so on average, over a large number of passwords, you may only take half that time - but it's an awfull lot of computing power to spend for getting into someones personal secrets. And if it's really valuable stuff, then you probably don't want a "random password generator" as your "security option".
Sorry for the length of that...
--
Mats
--
Mats