-2

The code shown below is for a program that generates a random password. The password char makeup itself is fine, but the issue comes with the password length. It is supposed to be a random number between 12 and 20(upper and lower). However it always sets to 1 value per device. I'm aware that this is a seeding issue but I do not know what seed to use. If anyone has suggestions, please comment them below.

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

int main()
{
    int lower = 12, upper = 20, count = 1;
    int i;
    for (i = 0; i < count; i++) {
    int num = (rand() %
    (upper - lower + 1)) + lower;
    int N = ("%d", num);
    **srand(time(0));**
    randomPasswordGeneration(N);
    return 0;
}

}
void randomPasswordGeneration(int N)
{
    int i = 0;
    int randomizer = 0;
    char numbers[] = "0123456789";
    char letter[] = "abcdefghijklmnoqprstuvwyzx";
    char LETTER[] = "ABCDEFGHIJKLMNOQPRSTUYWVZX";
    char symbols[] = "!@#$^&*? -_/";
    char password[N];
    randomizer = rand() % 4;
    for (i = 0; i < N; i++) {

        if (randomizer == 1) {
            password[i] = numbers[rand() % 10];
            randomizer = rand() % 4;
            printf("%c", password[i]);
        }
        else if (randomizer == 2) {
            password[i] = symbols[rand() % 8];
            randomizer = rand() % 4;
            printf("%c", password[i]);
        }
        else if (randomizer == 3) {
            password[i] = LETTER[rand() % 26];
            randomizer = rand() % 4;
            printf("%c", password[i]);
        }
        else {
            password[i] = letter[rand() % 26];
            randomizer = rand() % 4;
            printf("%c", password[i]);
        }
    }
}
Jacob73
  • 9
  • 1
    *"However it always sets to 1 value per device."* - that's gonna need a little more elaboration. And what is `int N = ("%d", num);` supposedly doing? Also, you understand that first for-loop in `main` is using default seeding, as `srand` hasn't been invoked yet, right? Worse, `srand` is repeatedly invoked in the loop, which is very bad. – WhozCraig Oct 03 '22 at 19:49
  • 1
    On Windows 10, why not use the operating system's high-quality security-oriented RNG, and skip manual seeding (and all of its security pitfalls) altogether? https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom – nanofarad Oct 03 '22 at 19:50
  • 2
    `srand` should be called exactly once. See https://stackoverflow.com/questions/7343833/srand-why-call-it-only-once. – user3386109 Oct 03 '22 at 19:51

1 Answers1

0

Answer to my own question: I accidentally put rand above srand. So it was not actually pseuo-random number generation

Broken Code:

int main()
{
    int lower = 12, upper = 20, count = 1;
    int i;
    for (i = 0; i < count; i++) {
    int num = (rand() %
    (upper - lower + 1)) + lower;
    int N = ("%d", num);
    srand(time(0));
    randomPasswordGeneration(N);
    return 0;
}

**Working Code:**

int main()
{
    srand(time(0));
    int lower = 12, upper = 2Oh0, count = 1;
    int i;
    for (i = 0; i < count; i++) {
    int num = (rand() % (upper - lower + 1)) + lower;
    int N = ("%d", num);
    randomPasswordGeneration(N);
    return 0;
}
Jacob73
  • 9