Dictionary brute force on DES encrypted passwords
Problem
For a school project I am tasked to decrypt DES passwords. I have sample code provided below and I want to know if this is the best method. Also, should I code in error handling for the dictionary file, or does the `while` condition take care of this?

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define _XOPEN_SOURCE

int main(int argc, char* argv[])
{
    if (argc != 2)
    {
        printf("Usage: ./crack \n");
        return 1;
    }
    int n = strlen(argv[1]);
    char password[n];
    for (int i = 0; i < n; i++)
    {
        password[i] = argv[1][i];
    }
    char salt[2];
    salt[0] = password[0];
    salt[1] = password[1];
    FILE *fp;
    fp = fopen("/usr/share/dict/words", "r");
    char line[50];
    while (fgets(line, 50, fp) != NULL)
    {
        line[strlen(line) - 1] = '\0';
        if (!strcmp(argv[1], crypt(line, salt)))
        {
            printf("Password found!\n");
            return 0;
        }
    }
    printf("Not found\n");
    fclose(fp);
    return 0;
}
```

Solution
You're keeping us in suspense — I'm dying to know which password matched!
Many password crackers also test for common character substitutions, e.g. o → 0, i → 1, s → $.
Other than that, the general technique seems sound.
I do have a few general remarks, though.
- What is `#define _XOPEN_SOURCE` for? Sometimes, defining it will change some of the functions you call. However, it would only have any effect if you put it before your `#include`s.
- It would be good to make a function, even for a simple program like this. I suggest that `main()` be responsible for parsing and validating the command line and opening the word list, calling `crack(const char *pwhash, FILE *wordlist)` to do the actual work.
- You don't close the word list if you find a match.
- Consider returning a non-zero exit status if the password is not found. That makes your program more useful to scripts.
Context
StackExchange Code Review Q#45650, answer score: 4
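
An added example, not code from the question or the answer, sketching the `crack()` split the answer suggests and the substitution pass it mentions. It also bears on the error-handling question: calling `fgets` on a `NULL` stream is undefined behaviour, so a failed `fopen` has to be caught before the loop runs. The `hash_fn` callback, the `found`/`cap` output parameters, the return codes and the `demo_hash` stand-in are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hash callback. For real DES hashes pass crypt() from <unistd.h> (link with -lcrypt). */
typedef char *(*hash_fn)(const char *key, const char *salt);

/* Constructed stand-in so the example runs without libcrypt: salt + reversed key. */
char *demo_hash(const char *key, const char *salt)
{
    static char out[80];
    size_t n = strlen(key);
    if (n > 64) n = 64;
    out[0] = salt[0]; out[1] = salt[1];
    for (size_t i = 0; i < n; i++) out[2 + i] = key[n - 1 - i];
    out[2 + n] = '\0';
    return out;
}

/* Apply the substitutions named in the answer (o->0, i->1, s->$) in place. */
static void substitute(char *w)
{
    for (; *w; w++) {
        if (*w == 'o') *w = '0';
        else if (*w == 'i') *w = '1';
        else if (*w == 's') *w = '$';
    }
}

/* Returns 0 and fills `found` on a match, 1 if no word matches, 2 on bad input.
   The caller opened `wordlist` and closes it after this returns, on every path. */
int crack(const char *pwhash, FILE *wordlist, hash_fn hash, char *found, size_t cap)
{
    char salt[3], line[64];
    if (!pwhash || !wordlist || !hash || strlen(pwhash) < 2) return 2;
    memcpy(salt, pwhash, 2);                 /* DES crypt stores the salt in the first 2 chars */
    salt[2] = '\0';                          /* crypt() expects a terminated string */
    while (fgets(line, sizeof line, wordlist)) {
        line[strcspn(line, "\r\n")] = '\0';  /* safe even if the last line has no newline */
        for (int pass = 0; pass < 2; pass++) {
            const char *h = hash(line, salt);
            if (h && strcmp(pwhash, h) == 0) {
                snprintf(found, cap, "%s", line);
                return 0;
            }
            substitute(line);                /* second pass tries the substituted spelling */
        }
    }
    return 1;
}
```

The return value can be passed straight back from `main()` as the exit status, which gives scripts the non-zero "not found" result the answer asks for.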