# 11.14 Getting a Random Printable ASCII String

#### 11.14.1 Problem

You want to get a random printable ASCII string.

#### 11.14.2 Solution

If you do not want whitespace characters, the printable ASCII characters have values from 33 to 126, inclusive. Simply get a random number in that range for each character.

If you want to choose from a different character set (such as the base64 character set), map each character to a specific numeric value between 0 and the number of characters you have. Select a random number in that range, and map the number back to the corresponding character.

#### 11.14.3 Discussion

The code presented in this section returns a random ASCII string of a specified length, where the specified length includes a terminating NULL byte. We use the printable ASCII characters, meaning that we never output whitespace or control characters.

Assuming a good underlying infrastructure for randomness, each character should be equally likely. However, the ease with which an attacker can guess a single random string is related not only to the entropy in the generator, but also to the length of the output. If you use a single character, there are only 94 possible values, and a guess will be right with a probability of 1/94 (not having entropy can give the attacker an even greater advantage).

As a result, your random strings should use no fewer than 10 random characters (not including the terminating NULL byte), which gives you about 54 bits of security. For a more conservative security margin, you should go for 15 to 20 characters.

```#include <stdlib.h>

char *spc_rand_ascii(char *buf, size_t len) {
char *p = buf;

while (--len)
*p++ = (char)spc_rand_range(33, 126);
*p = 0;
return buf;
}```

 Foreword
 Preface
 Chapter 1. Safe Initialization
 Chapter 2. Access Control
 Chapter 3. Input Validation
 Chapter 4. Symmetric Cryptography Fundamentals
 Chapter 5. Symmetric Encryption
 Chapter 6. Hashes and Message Authentication
 Chapter 7. Public Key Cryptography
 Chapter 8. Authentication and Key Exchange
 Chapter 9. Networking
 Chapter 10. Public Key Infrastructure
 Chapter 12. Anti-Tampering
 Chapter 13. Other Topics
 Colophon