-1

I am creating a C program to generate passwords.

rand() in C keep generating some same set of strings even using srand((unsigned int)**main + (unsigned int)&argc + (unsigned int)time(NULL)) found in here but better than using srand(time(NULL))

I found this answer, and I finally know how to link libsodium to my project.

After that, I realise I only can set the upper bound for randombytes_uniform(), the lower bound is always 0.

And using randombytes_random() give me all kind of characters that cannot use in password.

Can anyone know how to generate character space(32) to character ~(126) using sodium or any secure way to generate character?

Here is the original code:

#include <stdio.h>
#include <stdlib.h>
#include "sodium.h"
#pragma warning (disable:4996)

void main(int argc, char **argv){

    /* Length of the password */
    int length, num, temp, number;
    num = 10;
    length = 10;
    number = num;

    clear_screen();

    /* Seed number for rand() */
    srand((unsigned int)**generate_standard_password + (unsigned int)&argc + (unsigned int)time(0));

    while (num--)
    {
        temp = length;
        printf("\n\t%2d. ", (number - num));
        while (temp--) {
            putchar(rand() % 56 + 65);
            srand(rand());
        }
        temp = length;
    }
    printf("\n\n\t");
    system_pause();
}
dbush
  • 205,898
  • 23
  • 218
  • 273
wei
  • 937
  • 2
  • 14
  • 34

2 Answers2

2

There are 126 - 32 + 1 = 95 characters for you to choose from. So mod the result of rand by 95, then add 32. That will give you a number in the range you want.

The reason you keep getting the same set of characters is because you're reseeding after every call. You should only seed once at startup,

while (temp--) {
    putchar((rand() % 95) + 32);
}
dbush
  • 205,898
  • 23
  • 218
  • 273
1

Do not use r mod h if h doesn't divide max(r) + 1, or else the output will be biased towards lower values.

The rand() function returns a value between 0 and RAND_MAX, which is typically 2^31. So the output of rand() % 95 is more likely to be 0, 1 or 2 than other values.

This is the whole point of the randombytes_uniform() function in libsodium: to provide unbiased output for arbitrary ranges.

randombytes_uniform(95) returns a value between 0 and 94 (inclusive). Just add 32 if this is what you want: 32 + randombytes_uniform(95).

Frank Denis
  • 1,475
  • 9
  • 12