cybersecurity · intermediate · ~15 min · safe pentest lab
Compose multiple validation passes into a single score.
Implement int score_password(const char *p) returning a 0–4 integer score. Award one point each for: length ≥ 8, contains an uppercase letter, contains a digit, contains a non-alphanumeric character. Cap at 4.
A simple defensive heuristic — real systems should also check against breached-password lists.
Checking password strength is a perennial real-world feature: signup forms, admin dashboards, security audits. Writing the rule engine clarifies how (and why) modern NIST guidance prefers length over complexity.
#include <ctype.h>
#include <string.h>
int score_password(const char *p) {
/* TODO */
return 0;
}
Counting categories without considering length (a 12-char all-lower password is still trivial to brute-force). Using regex for what character-class checks do simply. Allowing the literal word 'password'.
Empty string — score 0. Very long (32+) string with only letters — still weak by some scoring rules.
O(strlen).
Solve this exercise in the browser editor — compile and run against the test harness, no setup required.