I need advice about my password generator app

[PrimeMinister]

Hey guys, so I want to get some feedback for this little password generator/manager app I'm currently making for PC (specifically for Windows) as well as getting some advice for the future, so here goes for the advice..

 

1.  Where can I release the app exclusively for PC (for now) without paying monthly fees?
2.  Is it a good idea to make the app open-source?
3.  Would this be a good thing to add to a portfolio or should I convert the code to a more well-known language first? (It's all going to be and is coded all in Delphi Pascal, because it's the only language I know at the moment)
4. Any other suggestions and stuff regarding the app's GUI,etc..

 

I'm still going to tinker and whatnot but I can't do as much as I'd like rn as I'm in my first round of final exams. And this is the pre-pre-pre-alpha version of my final idea for the app, it's only a really basic password generator at the moment.

 

Link to the github of the app : https://github.com/Kiryu02/SimPasGen

 

Thanks in advance for the feedback/advice!

Regards

Ya Boi Minister

[LAwLz]

3 hours ago, PrimeMinister said:

•  Where can I release the app exclusively for PC (for now) without paying monthly fees?

Your own website.

GitHub

Dropbox

OneDrive

Mega

Pretty much any file sharing website.

 

3 hours ago, PrimeMinister said:

•  Is it a good idea to make the app open-source?

Sure! Why wouldn't it?

 

3 hours ago, PrimeMinister said:

•  Would this be a good thing to add to a portfolio or should I convert the code to a more well-known language first? (It's all going to be and is coded all in Delphi Pascal, because it's the only language I know at the moment)

I think doing both is a good idea, but it depends on what job you're applying for.

Just make sure the programs are well written if you add them to your portfolio.

[LogicalDrm]

-> Moved to Programming

[PrimeMinister]

7 hours ago, LAwLz said:

Your own website.

GitHub

Dropbox

OneDrive

Mega

Pretty much any file sharing website.

 

Sure! Why wouldn't it?

 

I think doing both is a good idea, but it depends on what job you're applying for.

Just make sure the programs are well written if you add them to your portfolio.

 I wanna become a web and mobile developer, so I'll probably have to make it a web app or convert it to a mobile app then? I'll just continue uploading to github then for now until I've built my own website in future. Thanks for the advice!

[PrimeMinister]

10 hours ago, James Evens said:

Do your self the favour and convert the Delphi project to a Lazarus one.

Just a side note: randomise only needs to be called once.

 

Beside that there are more then enough password generator apps with more functionality.

I am currently revamping the code I'm using for the app entirely and I'm going to add a password manager aspect to it as well (I made this about 2 years ago and I'm gonna use what I've learnt up until now to improve it and I also realized that I don't even have to use randomize,lol). Btw why should I convert it to Lazarus? (probably a noob question)

[mariushm]

Lazarus is open source Pascal/Delphi, free ... you have to pay for Delphi and there's no 64 bit old delphi runtimes as far as I remember.  The newer Delphi releases are really expensive

 

The application is too simple to be worth any money.

I applaud you for making something, for learning programming and doing something useful, but the reality is I could open Visual Basic 6 or whatever free VB .Net / c# .Net Microsoft offers now and replicate the application in less than 5 minutes.

 

At the minimum, you'd have to:

* add some sort of "Copy password to Clipboard" functionality.

* some websites force passwords to be at least  8 characters, have at least one uppercase, and at least one character from a set of characters like !$@# etc ... not sure if you do that 

* store the passwords in a proper file and not just plain text (sqlite database, json file, xml file, even ini file) so that you could open/import old files in future versions of your application (what if you add something like a comment, or website address, title etc to the text file ... you have no versioning system, no file format that could skip over things it doesn't understand or support)

* maybe add a master password  which is then used to encrypt the passwords inside the file/database - it can be something simple like xor-ing each byte followed by replacing each character with another based on the master password .. see https://en.wikipedia.org/wiki/Caesar_cipher for example

 

it wouldn't hurt to add an "always on top" option ... see the SETWINDOWPOS windows API function : https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowpos

 

There's also no point in the Maximize button on the application, you can customize the window to disable that button.

 

oh and there's at least one bug ... you forgot to disable the option that underlines characters which have a & before them , or you're not "escaping" the & characters when showing the generated password.

ex   the password actually has a &Y in it, but by default & in front of a letter means underline it ... it's supposed to be for menus, so users know to press Alt+F when File has F underlined...etc

 

 

 

edit :  and I just checked the actual code to see how you're generating the password, it's really amateur-ish and you're reducing the password complexity by always having the numbers and special characters in the same locations

 

 cChar1 := arrSpecial[Random(8) + 1];
  cChar2 := arrSpecial[Random(8) + 1];
  iNum1 := Random(65) + 1;
  iNum2 := Random(65) + 1;
  sLetter2 := Uppercase(arrLetters[Random(26) + 1]);
  sLetter4 := Uppercase(arrLetters[Random(26) + 1]);
  sLetter1 := arrLetters[Random(26) + 1];
  sLetter3 := arrLetters[Random(26) + 1];
  sPassword:=sLetter2+cChar1+IntToStr(iNum1)+sLetter4+cChar2+sLetter1+IntToStr(iNum2)+sLetter3;
  pnlPasswordOut.Caption:= sPassword;

That's not how it's done.

 

I'll give you an example in a few minutes....

 

[PrimeMinister]

22 minutes ago, mariushm said:

 

Oof, judging by the screenshot you sent the version of the app I have in github is a lot older than I thought. I'll update it later, I improved it a lot since then.

 

Quote

store the passwords in a proper file and not just plain text (sqlite database, json file, xml file, even ini file) so that you could open/import old files in future versions of your application (what if you add something like a comment, or website address, title etc to the text file ... you have no versioning system, no file format that could skip over things it doesn't understand or support)

The newer version does save the passwords to the text file, with a email and name for the password (they will be added later on)

 

Quote

* maybe add a master password  which is then used to encrypt the passwords inside the file/database - it can be something simple like xor-ing each byte followed by replacing each character with another based on the master password

Could you maybe elaborate on this, cause I'm a bit confused...

 

Quote

* add some sort of "Copy password to Clipboard" functionality.

* some websites force passwords to be at least  8 characters, have at least one uppercase, and at least one character from a set of characters like !$@# etc ... not sure if you do that 

it wouldn't hurt to add an "always on top" option ... see the SETWINDOWPOS windows API function : https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowpos

 

There's also no point in the Maximize button on the application, you can customize the window to disable that button.

The copy to clipboard idea is pretty good, thx! I do have special characters in all but one of the security levels on the app but I'll add it to the level (I'll put the pic of the app as of now at the bottom of the post for context). I can try to set the position via Delphi but I'll need to look that up again, lol.

 

Here's the current GUI (btw the panel next to the Generate Password button only displays messages and not the password anymore):

 

But anyway, thanks for the advice, my man!

[mariushm]

@PrimeMinister

 

Here's an example of generating a password I just wrote : https://github.com/mariush-github/small_projects/blob/main/password_generate.php

 

Check it out and let me know if you have any questions

 

ps... if you wonder about hexadecimal codes, open "Character map" on your computer and set the font to "Terminal" or "Courier New" and you'll see in the status bar those codes when clicking on a character.

 

example output :

 

character set 0, count=2 
charset 0, char 0, at position 10
charset 0, char 1, at position 5
character set 1, count=2 
charset 1, char 0, at position 2
charset 1, char 1, at position 12
character set 2, count=3 
charset 2, char 0, at position 7
charset 2, char 1, at position 8
charset 2, char 2, at position 6
character set 3, count=11 
charset 3, char 0, at position 0
charset 3, char 1, at position 11
charset 3, char 2, at position 3
charset 3, char 3, at position 15
charset 3, char 4, at position 14
charset 3, char 5, at position 4
charset 3, char 6, at position 1
charset 3, char 7, at position 9
charset 3, char 8, at position 13
Your password is: by9pv"SRLu$c8yjx

 

[LAwLz]

35 minutes ago, PrimeMinister said:

The newer version does save the passwords to the text file, with a email and name for the password (they will be added later on)

 

Could you maybe elaborate on this, cause I'm a bit confused...

Saving passwords as clear text = bad. 

You do not want someone who happens to get access to your computer (either through you forgetting to lock it or someone physically taking it) to just be able to see all your passwords without requiring any password. 

 

That's why password managers like KeePass (which is open source so feel free to look at it for inspiration) requires a password to open its database. 

[PrimeMinister]

35 minutes ago, LAwLz said:

Saving passwords as clear text = bad. 

You do not want someone who happens to get access to your computer (either through you forgetting to lock it or someone physically taking it) to just be able to see all your passwords without requiring any password. 

 

That's why password managers like KeePass (which is open source so feel free to look at it for inspiration) requires a password to open its database. 

Ahhhhhhh ok, makes sense. Thx for clarifying!

[PrimeMinister]

40 minutes ago, mariushm said:

@PrimeMinister

 

Here's an example of generating a password I just wrote : https://github.com/mariush-github/small_projects/blob/main/password_generate.php

 

Check it out and let me know if you have any questions

 

ps... if you wonder about hexadecimal codes, open "Character map" on your computer and set the font to "Terminal" or "Courier New" and you'll see in the status bar those codes when clicking on a character.

 

example output :

 

character set 0, count=2 
charset 0, char 0, at position 10
charset 0, char 1, at position 5
character set 1, count=2 
charset 1, char 0, at position 2
charset 1, char 1, at position 12
character set 2, count=3 
charset 2, char 0, at position 7
charset 2, char 1, at position 8
charset 2, char 2, at position 6
character set 3, count=11 
charset 3, char 0, at position 0
charset 3, char 1, at position 11
charset 3, char 2, at position 3
charset 3, char 3, at position 15
charset 3, char 4, at position 14
charset 3, char 5, at position 4
charset 3, char 6, at position 1
charset 3, char 7, at position 9
charset 3, char 8, at position 13
Your password is: by9pv"SRLu$c8yjx

 

Thx, I'll check it out