PASSWORD MANAGER

Adrian Kia, Jaime Paz, Manuel Merino & Maximiliano Martín

COMPUTER PROGRAMMING I
 CONTENTS

1. INTRODUCTION

2. ANALYSIS AND DESIGN

3. FEATURES CONTENT

4. HOW TO BUILD AND TRIGGER THE SOFTWARE

5. HOW AI HELPED

6. PROBLEMS ENCOUNTERED AND SOLUTIONS

1
Introduction

Welcome to the Password Manager project documentation! This tool was

built by our team to help users securely store and manage their passwords.
We’ve incorporated encryption and data integrity checks to ensure your
credentials are protected. Our password manager uses a linked list to
efficiently handle password storage and a background thread that
performs regular backups to avoid losing data. This document explains the
project in detail, including how it works, what features it includes, and how
you can build and use it.

Analysis and Design

This program is a secure, thread-safe password manager implemented in
C. Its primary purpose is to allow users to store and manage their
passwords safely, featuring encryption, checksum verification for data
integrity, and robust error handling. Here’s how the application is
structured and operates:

Core Structure and Data Handling

The program defines a PasswordNode structure to represent individual

password entries, containing fields like service name, username, password,
notes, and a checksum for data integrity. All password records are stored in
a linked list. The file header (FileHeader) contains metadata like version,
record count, and a global checksum for all stored passwords, ensuring
that the data file remains consistent and corruption-free.

2
Encryption and Security Features

To protect sensitive data, passwords and usernames are encrypted using a

simple XOR-based encryption mechanism (encrypt_data and
decrypt_data). The encryption key is predefined as a constant in the
program. A robust checksum calculation is employed using a SHA-inspired
approach to detect tampering or corruption of passwords during storage
or retrieval. Additionally, inputs are validated thoroughly to guard against
invalid or potentially malicious entries, ensuring all fields are properly
sanitized before being processed.

Password Management Features

1. Adding Passwords: Users can add passwords by either manually

entering them or generating secure passwords using the built-in
password generator. The generated passwords are constructed using
a combination of alphanumeric characters and symbols, ensuring
randomness and security. Input validation checks are applied before
the password is added to the system.

2. Viewing Passwords: Users can view stored passwords, which are

decrypted on demand. During this process, the checksum of each
password is recalculated and compared against the stored
checksum to verify integrity. If a mismatch is detected, the password
is flagged as compromised and replaced with asterisks for security.

File Operations

Passwords are saved to and loaded from a binary file (passwords.dat). The
file operations include:

● Writing the metadata (file header) followed by encrypted password

records to ensure secure and consistent storage.

3
 ● Reading and verifying the metadata and records during the loading
process to check for potential corruption or version mismatches.

Backup and Thread Safety

To ensure data persistence, a backup thread runs in the background and

periodically saves the password list to the file. This operation is managed
using a mutex to ensure thread safety and prevent race conditions. The
mutex also protects shared resources like the linked list during other
operations, such as adding new passwords.

User Interface

The program features a simple menu-based interface, allowing users to:

1. Add new passwords.

2. View stored passwords.
3. Exit the application.

Authentication is enforced at the beginning of the program via a master

password (admin123 by default). If the user fails to authenticate, the
program terminates immediately.

Error Handling

The program defines various error codes (StatusCode) to manage and

handle issues like file I/O failures, memory allocation errors, authentication
failures, input validation errors, and data corruption. These error codes are
displayed in user-friendly messages for easier debugging and
understanding.

Cleanup and Exit

When the application exits, it ensures proper cleanup by freeing

dynamically allocated memory, saving passwords, and releasing system

4
resources like the mutex and backup thread. The atexit function is used to
register the cleanup process, ensuring it's executed even in the event of an
abnormal termination.

Key Features at a Glance:

● Data Integrity: Each password’s integrity is ensured with robust

checksums.
● Encryption: XOR encryption is used for securing usernames and
passwords.
● Password Generation: Secure, random password generation with
customizable lengths.
● File Persistence: Passwords are stored securely in a binary file and
periodically backed up.
● Thread Safety: Mutex-protected operations ensure thread-safe access
to shared resources.
● User-Friendly Interface: A simple menu system for adding and
viewing passwords.
● Error Feedback: Comprehensive error codes and messages help the
user troubleshoot issues.

5
Features Content

The code implements various fundamental programming concepts and

techniques. Below is an exploration of the key topics utilized in the project:

Implemented Topics:

1. Threads

The project uses Windows threading to handle the backup functionality. A

separate background thread (backup_thread) is created to periodically save
password data every 5 minutes, without blocking the main program's
execution.

2. Linked Lists

Linked Lists are employed for storing and managing passwords. Each
password record (PasswordNode) is represented as a node in a linked list,
with each node containing service, username, password, notes, checksum,
and a pointer to the next node.

3. Enums & Typedefs

Enums & Typedefs are used for defining custom data types like
StatusCode, which represents various status codes returned by functions.
Additionally, PasswordNode and FileHeader structures are defined using
typedef for cleaner and more maintainable code.

6
 4. Preprocessor Directives & Macros

Preprocessor directives are used throughout the code for defining

constants and macros such as MAX_PASSWORDS, MAX_LENGTH,
MASTER_PASSWORD, FILE_VERSION, ENCRYPTION_KEY, and
BACKUP_INTERVAL. These constants control various aspects of the
program’s behavior, including the maximum password length and the
backup interval.

5. File I/O & Advanced Handling

The project handles file operations such as opening files, reading, writing,
and managing file integrity. Password data is saved in and loaded from a
binary file (passwords.dat). The code includes checksum validation to
ensure the integrity of the data stored in the file.

6. Pointers

Pointers are extensively used for dynamic memory management, linked

list manipulation, and efficient handling of large structures. The
password_list is a pointer to the head of the linked list, and new nodes are
dynamically allocated using calloc.

7. Bit Manipulation

The project utilizes bit manipulation in the encryption and checksum

calculation functions. The XOR operation is applied to encrypt and decrypt
password data. This approach is a simple form of bitwise encryption,
ensuring the privacy of the password data.

7
 8. Error Handling

Error handling is implemented through the use of a custom StatusCode

enum, which provides distinct error codes for various failure scenarios.
Each critical function checks for possible errors (e.g., file access, memory
allocation) and returns the corresponding error code.

Not Implemented Topics:

1. Secure Sockets & Networked Applications

The code does not implement networking capabilities such as secure

socket communication or handling networked applications.

2. Socket Programming

The project does not include socket programming for communication over
a network. There are no networked connections or client-server
interactions in this code.

3. Recursion & Backtracking

There is no use of recursion or backtracking in the project. The code does

not involve algorithms that require backtracking or recursive function calls.

4. Structs & Unions

While structs are used for organizing data (e.g., PasswordNode,

FileHeader), unions are not utilized in the project.

5. Code Quality Analysis

The project does not include any formal code quality analysis tools, such as
static code analysis or code style enforcement tools.

8
 6. Unit Testing

Unit testing is not implemented in this project. There are no automated

test cases or testing frameworks to verify the correctness of individual
components or functions.

7. Assertions

Assertions are not used in the project. The code relies on manual error
handling and status codes rather than automatic checks or assertions to
validate assumptions during runtime.

How to Build and Trigger the Software

This guide explains how to set up, build, and run the password manager
project using Visual Studio Code (VS Code) on a Windows system with
MinGW as the compiler. Follow these steps:

Step 1: Prerequisites
Before starting, make sure you have all the necessary tools. Install VS Code
by downloading it from code.visualstudio.com. Next, install MinGW from
MinGW-w64, and during the installation, select the mingw32-gcc-g++
package. After installation, add the C:\MinGW\bin folder to your PATH
environment variable so you can run gcc commands from the terminal. To
ensure that VS Code supports C/C++ development, open the Extensions
view (Ctrl+Shift+X) in VS Code, search for “C/C++” by Microsoft, and install
the extension. Finally, confirm that MinGW is installed correctly by running
gcc --version in a terminal.

9
Step 2: Open the Project in VS Code

Extract the Password Manager zip file to a location on your computer.

Open VS Code and navigate to File > Open Folder, then select the folder
where the project was extracted. Once the folder is loaded, verify that key
files like test.c, passwords.dat, and any output directories are visible in
the VS Code Explorer panel.

Step 3: Configure Build Settings

To build the project in VS Code, you first need to configure a build task.
First, open test.c. Then, open the integrated terminal ( Top Menu: View >
Terminal > New Terminal).

10
After, go to Terminal > Configure Default Build Task. Choose C/C++: gcc
build active file from the list. This action will generate a tasks.json file
inside the .vscode folder. The build task will allow VS Code to
automatically compile the project when needed.

Step 4: Compile the Code

To compile the project, make sure you are in the correct directory using the
command cd <project-folder-path> in the terminal. For instance,, cd '.\c
porgramming project password manager\'

Once inside the correct directory, where the project folder is located, type
. /test.exe.

11
The program will start, and you will be prompted to enter the master
password. Enter the default password, admin123, unless you have modified
it in the source code.

Step 6: Interact with the Program

1. Master Password Entry

Upon launching the program, you are prompted to enter the master
password. If correct, you gain access to the main menu. The coded built in
master password is admin123.

2. Main Menu Options:

○ Add a New Password:
■ Input fields for:
● Service Name (e.g., "Email" or "Banking App").

12
 ● Username.
● Password.
● Optional notes about the service.

○ View Saved Passwords:

■ Initially, passwords appear as "PROTECTED" or encrypted,
masking the actual password.
■ Each entry includes a button or command to "Decrypt"
the password, allowing it to be temporarily displayed in
plain text for readability.

○ Exit: Safely closes the program.

3. Automatic Backup

The program runs a background process that saves the entire password
database to a secure file every 5 minutes. This ensures that recent changes
aren't lost in case of a crash or shutdown.

Workflow for Viewing Passwords

1. Navigate to View Saved Passwords.

2. Passwords are listed with fields such as:
○ Service Name.
○ Username.
○ Password (displayed as [PROTECTED]).
○ Notes.

13
 3. Select the number of the service, to decrypt its assigned password.
The decrypted value appears temporarily in plain text, then it will
show as [PROTECTED] again.

This approach balances security with usability, ensuring passwords remain

protected while allowing on-demand access when needed.

Notes on Errors

If you encounter compilation errors, ensure that all required libraries (like
windows.h) are included and compatible with your setup. Additionally,
verify that MinGW is properly installed and accessible via the PATH variable.
For runtime errors, ensure necessary files such as passwords.dat are
present in the correct directories. Debugging messages in the terminal or
output logs can provide further insights into any issues.

How AI Helped
AI played a crucial role in various stages of the Password Manager project,
from planning to implementation and troubleshooting. Here's how:

1. Code Generation and Debugging:

During the development phase, AI tools provided example code snippets
for tasks like encryption, checksum calculation, and file I/O operations. It
also helped debug errors by analyzing the code and suggesting
corrections or optimizations.

2. Research and Optimization:

AI was used to research best practices for secure password management,
such as encryption techniques and input validation methods. It also

14
suggested optimizations to improve performance, such as reducing
memory usage and minimizing redundant operations.

3. Error Handling and Troubleshooting:

AI tools provided insights into managing common runtime errors, such as
file I/O issues and memory leaks. By suggesting error handling techniques
and sample code, it helped enhance the robustness of the program.

Problems Encountered and Solutions

1. File Corruption Issues:
During testing, corrupted data files caused the program to crash. This was
resolved by implementing checksum verification to validate the integrity of
stored data. The program now detects corrupted files and alerts the user
instead of crashing.

2.Race Conditions in Multithreading:

Simultaneous access to the linked list by the main program and the
backup thread caused race conditions, leading to data inconsistencies. To
resolve this, a mutex was introduced to ensure thread-safe access to
shared resources.

3.Memory Management Errors:

Memory leaks occurred due to improper freeing of dynamically allocated
memory. This was resolved by adding proper cleanup functions to free all
dynamically allocated memory when the program exits. Tools like Valgrind
were used to detect and resolve leaks.

4.Compatibility with Different Systems:

The program initially relied on Windows-specific libraries, making it
incompatible with other operating systems. This was resolved by

15
refactoring the code to use more portable libraries wherever possible and
documenting platform-specific dependencies in the user guide.

5.Weak Encryption:
The initial XOR-based encryption was deemed insufficient for strong
security. This was addressed by planning future improvements to replace
XOR encryption with industry-standard encryption methods like AES and
adding a disclaimer in the documentation to highlight this limitation.

6.Compilation and Setup Errors:

Some users faced challenges setting up the environment and compiling
the program. This was resolved by providing detailed setup instructions in
the documentation, including troubleshooting tips for common errors.

7.User Interface Limitations:

The initial text-based interface was not very user-friendly. This was
addressed by enhancing the menu system with clearer prompts and error
messages, with plans for future updates to include a graphical user
interface (GUI).

8.Viewing Encrypted Data:

In the earlier implementation, users were unable to view their saved
usernames or passwords as they were directly encrypted without an option
to decrypt. This was resolved by introducing a feature in the "View Saved
Passwords" section that displays encrypted passwords as [PROTECTED]
initially, with an option to decrypt and temporarily view them in plain text.
This balances usability with security while maintaining encryption for
inactive data.

16