great. now time for copying and make some adjustment (i hope not). thanks!
If you dont mind i will (with some time) transfer this logic to other language too. php perhaps..
Printable View
great. now time for copying and make some adjustment (i hope not). thanks!
If you dont mind i will (with some time) transfer this logic to other language too. php perhaps..
no i won't mind, maybe i will do it myself someday (i would have to learn another language first :)), but i would appreciate it if you'd show me the result :D
Looks okay, just my $0.02:
Using a user-supplied salt is less valuable to me from a password generation standpoint than a seed. The point of a seed is that the output will remain the same. A patch for the above code to change the "salt" parameter into a seed parameter, thus ensuring unerring continuing seeded number generation following a clock tick or other change.
Hope you don't mind about the code changes. I also would recommend setting the return value when the application hits the Usage message to something other than 0. 0 means exit success, but if you are displaying the usage, the application (from a script perspective) was not executed correctly. Return something other than 0 if the usage is displayed. This is included in the patch I pasted above.Code:--- pwgncl.c 2004-08-12 02:31:08.000000000 -0400
+++ pwgncl.c 2004-08-12 03:02:15.000000000 -0400
@@ -31,7 +31,7 @@
int characterset=0;
int password_length=0;
int user_supplied=0;
- if(argc!=4)
+ if(argc < 3 || argc > 4)
{
printf("\npwgenCL_2,commandline password generator, Copyright (C) 2004 Scorpius");
printf("\n\npwgenCL_2 is free software; you can redistribute it and/or modify");
@@ -53,26 +53,26 @@
printf("\n5: (A-Z,a-z,0-9)\t\t\t\thard password");
printf("\n6: (a-z,0-9, \\ ] [ ^ _ )\t\t\thard password");
printf("\n7: ( ! \" # $ % ' ( * ) + , - . / ,a-z,0-9)\tvery hard password");
- printf("\n8: full keyboard characters (except space), almost impossible to crack\n\n");
- printf("The maximum password length is 256 characters\n");
- printf("Usage: %s <characterset> <password length> <user supplied number>\n",argv[0]);
- printf("\n*The <user supplied number> is inserted to create extra randomness*\n");
- printf("\nExample: %s 8 15 5454303\n",argv[0]);
- return 0;
- }
-
- if(argc==4)/*if all parameters, (characterset,passwordlength,randomization number) run the program*/
- {
- characterset=atoi(argv[1]);/*create integer from the argument*/
- password_length=atoi(argv[2]);/*create integer from the argument*/
- user_supplied=atoi(argv[3]);/*create integer from the argument*/
+ printf("\n8: full keyboard characters (except space), almost impossible to crack\n");
+ printf("\nThe maximum password length is 256 characters\n");
+ printf("Usage: %s <characterset> <password length> <user supplied number>",argv[0]);
+ printf("\n*The <user supplied number> is an optional seed*");
+ printf("\nExample: %s 8 15 5454303\n\n",argv[0]);
+ return 1;
+ } else {
+ /*if all parameters, (characterset,passwordlength,randomization number*) run the program*/
+ characterset=atoi(argv[1]); /*create integer from the argument*/
+ password_length=atoi(argv[2]); /*create integer from the argument*/
+ if (argc == 4)
+ {
+ user_supplied=atoi(argv[3]); /*create integer from the argument*/
+ }
if (password_length<1)
{
printf("Password length: %d is too small.\n",password_length);
return -1;
- }
- if (password_length>256)
- {
+ } else if (password_length>256) {
printf("Password length: %d is too large.\n",password_length);
return -1;
}
@@ -110,14 +110,19 @@
}
return 0;
}
- else return -1;
}
/*the password generator function*/
char *generated_password(char* char_set, int length,int user_number)
{
- srand(user_number*time(NULL));
+ if (user_number != 0)
+ srand(user_number);
+ else
+ srand(time(NULL));
+
int loop;
int set_length=strlen(char_set);
i thought i had the return -1 in the usage section, must have accidentally changed it when rewritting the code..
as for the seed, i understand what you mean, but i especially did it like this, since i'm almost positive that it wont happen that, two users would run the program at the same time AND with the same usersupplied number.
if i would do it like your code, it would be the same output everytime you enter the same usersupplied number., it wouldn't have anything to do with randomness anymore (correct me if i'm wrong) but that is the reason i didn't do that.
Nope, you're correct. I wasn't saying that was a bad approach or anything, just that for my purposes, it could be used slightly differently, so I was providing the changes to others (as the GPL requires, I submit the patch back to you if you are interested). :D
oh, ok, well just as the GPL is for, you are free to change the source to suite your own needs :D
and of course i'm interested, i'm always eager to learn and to see how other people solve a problem :)
that's the beauty of opensource :D
grtz
Keezel, password generators are used to board a large number of user accounts at once and assign passwords to them AUTOMATICALLY, perhaps from another database or something. For instance I have a program that "steals" user data from the HR database, GENERATES a password, prints the user name automatically based on the first name and last name, then prints out a copy (for me) and mails it to the user. So the user gets
Hi, John Doe welcome bla bla bla;
Here is your Username: jdoe
Here is your password: jn2342de
There are many uses for password generator and I like this one because it's better the one I ad hoc'd one night. :)