cybersecurity · beginner · ~20 min

Validate a password against a policy

Bitmask flags as a structured error report.

Challenge

Implement int password_check(const char *pw). Return a bitmask of failed requirements:

  • bit 0 (1): length < 12
  • bit 1 (2): no uppercase letter
  • bit 2 (4): no lowercase letter
  • bit 3 (8): no digit
  • bit 4 (16): no special character (anything that isn't alnum and isn't whitespace)
  • bit 5 (32): contains the substring "password" (case-insensitive)

Returns 0 if the password passes all checks.

Why this matters

Password policies are a balancing act: strong enough to resist common attacks, loose enough to be usable. NIST 800-63B has moved away from forced complexity in favor of length + breached-password checks, but understanding the legacy 'classic' rules is still important for compliance work.

Input format

ASCII string, null-terminated.

Output format

Bitmask.

Constraints

Single pass over the string preferred.

Starter code

int password_check(const char *pw) { /* TODO */ return 0; }

Common mistakes

Treating space as a special char (it usually shouldn't be); using strcasestr (not standard — implement case-insensitive search yourself); using > instead of >= on the length check.

Edge cases to handle

Empty string fails all. 12+ chars with only letters still fails digit and special.

Complexity

O(strlen).
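
One possible single-pass solution, added here as a worked example; it is not the exercise's official answer. The PW_* constant names and the handling of a NULL pointer are this example's own assumptions.

```c
#include <ctype.h>
#include <stddef.h>

/* Failure bits as listed in the challenge; the names are this example's own. */
enum {
    PW_SHORT      = 1 << 0,
    PW_NO_UPPER   = 1 << 1,
    PW_NO_LOWER   = 1 << 2,
    PW_NO_DIGIT   = 1 << 3,
    PW_NO_SPECIAL = 1 << 4,
    PW_HAS_WORD   = 1 << 5
};

int password_check(const char *pw)
{
    static const char word[] = "password";
    const size_t wlen = sizeof word - 1;
    /* Start with every "missing" bit set and clear each one once satisfied. */
    int mask = PW_SHORT | PW_NO_UPPER | PW_NO_LOWER | PW_NO_DIGIT | PW_NO_SPECIAL;
    size_t len = 0, matched = 0;

    if (pw == NULL)          /* assumption: treat NULL like an empty string */
        return mask;

    for (; pw[len] != '\0'; len++) {
        /* ctype functions require a value in unsigned char range. */
        unsigned char c = (unsigned char)pw[len];
        int lc = tolower(c);

        if (isupper(c))       mask &= ~PW_NO_UPPER;
        else if (islower(c))  mask &= ~PW_NO_LOWER;
        else if (isdigit(c))  mask &= ~PW_NO_DIGIT;
        else if (!isspace(c)) mask &= ~PW_NO_SPECIAL;  /* space is not special */

        /* Streaming case-insensitive match, no strcasestr. 'p' occurs only at
           the start of "password", so on a mismatch the only possible restart
           is the current character itself being 'p'. */
        if (lc == word[matched]) matched++;
        else                     matched = (lc == word[0]) ? 1 : 0;
        if (matched == wlen) { mask |= PW_HAS_WORD; matched = 0; }
    }

    if (len >= 12)           /* exactly 12 characters passes the length rule */
        mask &= ~PW_SHORT;
    return mask;
}
```

An empty string returns 31: the five "missing" bits are set, and bit 5 stays clear because there is no substring to match.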
