Now you're reading past the end of y. With your encryption scheme, the password has to be at least as long as the data. Otherwise you'll have to keep repeating the password, which is a security vulnerability.
Just a note from my personal experience with this, you'll want to make sure that you open the source file in binary mode. This is because things like NULL and white space would be output to the file the same but the ASCII values are different.
Telion said:
With your encryption scheme, the password has to be at least as long as the data. Otherwise you'll have to keep repeating the password, which is a security vulnerability.
This is like saying steal is weak against thermite. For what you are doing right now OP, don't worry too much about what Telion said here. Even though he is 100% correct, attacks on a poly-alphabetic cipher rely on the repetition of the keyword to help determine its length, you could spend weeks on this topic and never finish your code. Cryptanalysis is an amazing topic and it would need it's own website just to scratch the surface of.