Assignment Title: Password manager

Coursework Type: Individual

Module Name:
ST4061CEM Programming and Algorithms

Submitted By: Submitted To:

CU ID:14805851 Name: Suman
Shrestha
College ID: 230518
Name: Dipesh Dhakal
Acknowledgement
I would like to express my heartfelt gratitude to their module teacher, Mr. Suman Shrestha, for
giving his valuable time and providing helpful advice. They also acknowledge his contribution to
improving the quality and accuracy of my report, as well as his guidance in honing their research
and problem-solving abilities. They also thank Softwarica College and Coventry University for
providing them with this fantastic opportunity, highlighting how the experience gained from this
project has been invaluable for their personal and academic development.

2 | 14805851
Abstract
The discussion basically points out the significance of the password managers regarding ensuring
securely storing as well as retrieving the personal data. For instance, weak passwords
compromise security while on the other hand, traditional password managers do not offer
convenience in that users need to regularly keep inputting the security tokens. While the paper
presents a framework for a password manager, it lays the main emphases not only on high
security but also as high level of usability. The framework integrates secret sharing and personal
servers to enhance the provision of protection from data breaches. The proposed system follows
essential security practices though the paper identifies such potential risks as extraction of
sensitive information under certain circumstances. To protect user passwords, a system uses
either an expert password or a security token, trying therefore to show the strong security
measures and at least some friendly experiences in the password management.

3 | 14805851
Contents
Acknowledgement............................................................................................................................2
Abstract.............................................................................................................................................3
Introduction......................................................................................................................................5
Literature review..............................................................................................................................5
Key concept......................................................................................................................................6
Code Structure..................................................................................................................................6
Methodology.....................................................................................................................................8
Algorithm......................................................................................................................................8
Code Explanation........................................................................................................................10
Conclusion......................................................................................................................................16
Future Enhancement.......................................................................................................................16
Reference........................................................................................................................................17

4 | 14805851
Introduction
Password manager is specialized software, which automates the process of password generation
and storage. It can store some other frequently used information too. Example could be - it may
manage passwords, for example, on several web pages. These passwords can be safely kept in a
password vault and these password managers help make as well as recall for newer and unique
passwords for various accounts. For granted, password managers can analyze other related details
provided by their users, and they are both options secure. Such applications could be installed
locally on the device or accessed through cloud-based services and enterprise solutions. Today,
Bit warden, 1Password, Dash lane, and LastPass are new tools that are becoming very popular as
password managers. These services create strong passwords as well as inform about leaks and
store personal information safely.

Literature review

A password manager is a computer device that helps you manage your online passwords and
keeps them secure. Creating and remembering secure passwords for all your associated accounts
can be a challenge but to overcome this problem recommends the generation and storage of
secure passwords using a password manager. Password manager will enable all your login
credentials to be stored in a secure vault and retrieves them using one common password called a

5 | 14805851
master pass. The managers are designed to protect and encrypt your information such that
unauthorized hands cannot access it. They are also easy-to-use and reachable from multiple
devices. When choosing the password manager, ensure it is fuss-free, compatible with your
devices as well as browsers and serves to all kind of your security preferences.

Key concept
The code uses a struct called Password Entry to store the website, username, and password for
each password manager entry.
To produce a random password, the code calls the generateRandomPassword function. This
program generates a password at random by picking characters from a specified character set.
User Input: The code reads user input for the website, username, and password using fgets. It also
uses scanf to read the user's password-generation customs.
The structure which holds the password information is an array of structures called
'PasswordEntry'. Each structure in that array will hold data specific to a particular website, such
as the title of the website, the user name for the site and the actual password. The constant
MAX_LENGTH sets the limit on how many passwords are to be held. Therefore the application
will store only a few number of passwords, defined by the value of MAX_LENGTH.

Code Structure
1. The code begins by including the necessary header files, which are pre-written code
libraries. It then creates a rule (constant) named 'MAX_LENGTH' that limits the number
of passwords that the application can take. It also includes a new rule called
'AUTO_GENERATE_LENGTH', which controls the length of passwords created
automatically by the program. Simply put, these constants act as program guidelines,
limiting the number of passwords stored and determining the length of automatically
generated passwords.

2. Following that, the code creates a structure named 'Password Entry'. This structure
resembles a container with three slots, each capable of holding text. These slots are
specifically designed to hold website information, including a username and password.
Simply put, it creates a structured method for organizing and storing data about websites,
usernames, and passwords within the program.

6 | 14805851
 3. The code includes a function called 'generateRandomPassword' that takes two variables:
a character slot (array of characters) and a length. This function generates a random
password. It achieves randomness by selecting characters from an identified list. After
creating the password, it enters it into the specified character array. In basic terms, the
function generates and stores a random password with a specified length.
4. The system contains method "add Password" whereby the user can input new entries of
passwords. It guides the users on how they can put their username, enter their password,
and the details of the website. The user should key in the details manually or they can be
generated by the application as a password. It is important to mention that, for this type of
method, an error message throws itself out if the length of the required password goes
beyond the return storage capacity. This function may be relevant for new passwords
because it is not format specific. If there is no more space for additional passwords, users
will be notified of this limitation.
5. The getPassword function is intended to retrieve a password associated with a particular
website. It starts by asking the user to enter the website's name before searching the
stored passwords for a match. If a match is found, it displays the username and password
for that website. If no matching entry is found, the function returns a message informing
the user that there is no password stored for the specified website. In layman's terms, this
function allows users to retrieve passwords for specific websites while also informing
them if the password is not saved in the program.
6. The main function acts as the program's starting point. It generates an array of
'PasswordEntry' structures and assigns a variable called 'count' to keep track of the
number of passwords stored. The program then shows the user a menu with options to
create a new password, retrieve a password, or exit the program. The function reads the
user's decision and takes appropriate action based on it. Essentially, it functions as a
control center, managing the program's overall flow by responding to the user's menu
selection.

7 | 14805851
Methodology
Algorithm
1. Start:

- Include necessary header files: `<stdio.h>`, `<stdlib.h>`, `<string.h>`, `<time.h>`.

- Define constants: `MAX_LENGTH` (50) and `AUTO_GENERATE_LENGTH` (12).

- Define a structure `PasswordEntry` to hold website, username, and password.

2. Password Generation Function (`generateRandomPassword`):

- Initialize a character set with letters, numbers, and special characters.

- Set up a loop to iterate over the desired password length.

- Randomly select characters from the character set and append them to the password.

- Null-terminate the generated password.

3. Add Password Function (`addPassword`):

- Check if the password storage is full (`count >= MAX_LENGTH`).

- If the blank is filled out, return with an error message.

- Declare a new `PasswordEntry` variable.

- Prompt the user to enter the website.

- Prompt the user to choose between a manual or auto-generated password.

- If manual:

- Prompt the user to enter the username and password.

- If auto-generate:

- Call `generateRandomPassword` to generate a password.

- Display the auto-generated password.

- Add the new entry to the `passwords` array.

8 | 14805851
 - Increment the `count` variable.

- Display a success message.

4. Get Password Function (`getPassword`):

- Request that the user access the website in order to retrieve their login information.

- Loop through the stored passwords:

- If a match is found, display the associated username and password, then return.

- If no match is found, display a message indicating no password was found.

5. Main Function (`main`):

- Declare an array of `PasswordEntry` structures called `passwords`.

- Declare variables: `count` to track the number of stored passwords, and `choice` to store the
user's menu choice.

- Enter an infinite loop.

- Display the Password Manager Menu:

- Option 1: Add a password

- Option 2: Get a password

- Option 3: Exit

- Prompt the user to enter a choice.

- Read and store the user's choice.

- Consume the newline character using `getchar()`.

6. Menu Switch:

- Use a `switch` statement to handle the user's choice.

- Case 1: Call `addPassword` function, passing the `passwords` array and the address of
`count`.

9 | 14805851
 - Case 2: Call `getPassword` function, passing the `passwords` array and the current `count`.

- Case 3: Display an exit message and terminate the program using `exit(0)`.

- Default: Display an error message.

7. End:

- Return 0 to signal successful program execution.

Code Explanation
This C program serves as a simple command-line password manager that allows users to store
passwords for different websites and retrieve them when needed. It includes features for adding
new password entries and generating random passwords. Let's break down the code.

1. Inclusion of Header Files:

```c

#include <stdio.h> // For input/output functions

#include <stdlib.h> // For general utility functions like exit()

#include <string.h> // For string manipulation functions like strcmp()

#include <time.h> // For time-related functions

2. Definitions:

10 | 14805851
3. PasswordEntry Struct:

typedef struct {

char website[MAX_LENGTH];

char username[MAX_LENGTH];

char password[MAX_LENGTH];

} PasswordEntry;

This creates a structure `PasswordEntry` to hold details for an entry with fields for website,
username, and password.

4. Random Password Generator Function:

void generateRandomPassword(char *password, int length)

11 | 14805851
This function generates a random password by iterating `length` number of times and randomly
choosing characters from the given `charset`. The `srand()` function is called with the current
time so that `rand()` generates different sequences of pseudorandom numbers on each run.

5. Add Password Function:

void addPassword(PasswordEntry *passwords, int *count)

12 | 14805851
The {passwords` array can have a new password item added to it using this function. It requests
information from the user and determines if greater space is required for a password (which can
be set automatically or manually inputted).

6. Get Password Function:

void getPassword(PasswordEntry *passwords, int count)

When invoked, this function looks for an entry in the array that matches the provided website and
prints the username and password if found.

7. Main Function (`int main()`):

8. The `main` function is the entry point of the program. It uses an array of
{PasswordEntry} called `passwords} to store entries and a count` to estimate the number
of passwords. It continually shows a menu using `while (1)}, allowing the user to add or
recover passwords or end the application.

13 | 14805851
 9. Conditional Compilation:

A series of `switch` statements are used both inside `addPassword` and `main` to handle different
cases based on the user's input and choice.

10. Ensuring Clean Input:

14 | 14805851
Before reading inputs using `fgets()`, it calls `getchar()` to consume any lingering newline
character left in the input buffer by the previous `scanf()`.

11. Exit Mechanism:

15 | 14805851
The option to exit is provided in the menu which, upon selection, ends the execution using
`exit(0)`.

16 | 14805851
NOTE:

 There is no persistent storage; the data is lost when the program exits because entries are
stored in-memory.
 The function `generateRandomPassword` might lead to the same password being
generated if called multiple times rapidly since `srand()` is seeded with the current time.
 The program uses `fgets()` for string input to handle spaces, and `strcspn()` to strip the
newline character at the end.
 The passwords and the manner in which they are kept are not protected or secured. This is
a very basic way of managing passwords, and in real-world scenarios where security is a
problem, it should not be used.
 It could be more flexible to use dynamic memory allocation as opposed to the easy static
allocation method of using {#define} to establish the maximum length for strings and
password count.

Conclusion
A password manager is a program that generates and retains long passwords of online accounts. It
helps the user organize login names and keeps one safe from both online and offline breaches.
The risk that comes from using a password manager is almost nil since the benefits of the
software used far outweigh the drawback as most users feel. It is practically impossible to
remember the complex passwords for various internet accounts. Features such as encryption, two-
factor authentication, and password generation make password managers the most reliable
methods for securing your login details from potential keylogging and SQL injection attacks.
Using a password manager will make it easy to create and remember all your strong passwords in
an easy and efficient way.

Future Enhancement
When the login credentials are used, they are created using a program called password managers.
Their strong, random passwords themselves are encrypted to blow anything that even some of the
most clever hackers could somehow break in. Some can detect bullshit login attempts and
additionally supply two-factor authentication. Using password manager is more secure than
writing down or even using the same password for all your accounts. It gives comfort and
security to your accounts.

17 | 14805851
Reference
Bisceglia, N. (n.d.). How do password managers work? TeamPassword. ,

from https://teampassword.com/blog/how-do-password-managers-work

(N.d.). Cybernews.com.

from https://cybernews.com/best-password-managers/are-password-managers-safe/

18 | 14805851