Hey everyone! I'm new to programming and I've been working on a password generator using C. The project is contained within a single .c file and utilizes standard library functions like rand() and time(). Users can set options at execution or while the program runs, such as length, character set, and seed. The program can also calculate entropy but currently only supports English and ASCII characters. Importantly, it doesn't use malloc(). I consider this project quite comprehensive, but I'd love your thoughts on it: How idiomatic is the code for C? What improvements would you suggest? Do you think the code is generally good or bad? What simple feature could I add to enhance the project? Thanks for your input, and apologies if my English isn't perfect—this is my first time sharing my code publicly!
3 Answers
I see a potential issue with your uninitialized arrays. For instance, you have `char c, pass[256], cs[256];` but are only initializing `optset`. So, without a seed provided, arrays like `pass` may show junk values. It led to unexpected output when I ran it without a designated seed. This could also cause issues with using functions like `strlen()` on uninitialized data, making your code unsafe if the uninitialized memory doesn't contain zeros.
Your project looks decent overall! The names you've chosen for your variables and functions are understandable, but you could be a bit more descriptive. For example, I would suggest renaming your `generator()` function to something like `generatePassword()`, which clearer communicates what the function does. Oh, and I noticed your `seedtoint()` function doesn't function as expected; instead of returning 123 for the string "123", it gives 150. This probably won't disrupt the overall functionality, but it's likely not what you intended.
Thanks for the feedback! I'll consider naming functions better. As for `seedtoint()`, maybe I could rename it to `stringtokey()` to emphasize its function better. I'll also check the names of my other functions for clarity.
What’s your goal with this password generator? Is it meant to create securely random passwords, or is it just an exercise? Because if you're relying on `rand()`, that's not secure. It generates predictable results, which isn’t ideal for generating passwords. You might want to look into more secure alternatives for real-world usage.
It's just a project to practice coding, so I'm not too worried about true randomness right now. It's meant to generate 'random' passwords for learning purposes.
I think the `seedtoint()` function is doing what it needs to; it's converting a string into an integer for use as a seed. Naming it `stringtokey()` might clarify its purpose better. However, if your goal was to convert directly to an integer, using something like `atoi` would be more straightforward.