?
Solved

Controlling Password

Posted on 2003-03-13
9
Medium Priority
?
201 Views
Last Modified: 2010-04-01
I need a simple password checking program which is written in c++
I need example programs...

Thanks...
0
Comment
Question by:CINGIL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 8

Expert Comment

by:Exceter
ID: 8129930
Could you be more specific?
0
 

Author Comment

by:CINGIL
ID: 8130943
user must enter a password to enter the program...But ý need secure password controlling code because there should be no unsecure holes...

0
 

Author Comment

by:CINGIL
ID: 8130979
I need to control password but I dont know what kinds of way that I save true password in source code...exactly the problem that is...
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:CINGIL
ID: 8130983
I need to control password but I dont know what kinds of way that I save true password in source code...exactly the problem that is...
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8133950
1. Save your original password in a file in some encrypted form.

2. While running the program, read the password from the user in a loop using the getch () function (so that the password is not displayed on the screen) and keep printing a '*' character on the screen for every key pressed. Also, keep storing the values returned by getch () into an array.

3. Read the original password from the file and decrypt it into an array. Compare it with the values in the array which held the values returned by getch () when the user was inputting the password.

If the two arrays are the same, then the password is correct, else not.

Mayank.
0
 

Accepted Solution

by:
errorx666 earned 60 total points
ID: 8135030
    Best to use a asymmetric encryption algorithm like RSA; asymmetric simply means it uses a public key to encrypt and a (secret) private key to decrypt.  Then you store the password in encrypted form and the public encryption key in the program, and when the user enters a password you encrypt it with the public key and see if it matches the already-encrypted password stored within.  The private decryption key is no where within the program and therefore the password stored within cannot be decrypted.

For information on RSA encryption: http://world.std.com/~franl/crypto/rsa-guts.html

     A simpler but less secure way to validate a password involves a method known as polynomial checking, using an algorithm called a Cyclical Redundancy Check (CRC).  The CRC is a digest of the original data, a mathematical formula that can be used to see that two sources of data are identical without disclosing the source.  So, instead of an encrypted password, you could use the CRC of a password and the if the entered password has the same CRC, it is nearly certain it is correct.  The CRC algorithm is much simpler than RSA and can be included as a reasonably short function.  A program like Hex Workshop ( www.bpsoft.com ) can generate the source CRC for the password, or you could simply put it into the CRC function given here and record the result.

#include <string.h>
#include <iostream.h>

unsigned long CRC32(unsigned char *lpData,int nLength)
{
     unsigned long d;
     unsigned long t[256];
     int x,y;
     for(y=0;y<256;y++)
     {
          d=(unsigned long)y;
          for(x=0;x<8;x++)
          {
               if(d&1)d=0xEDB88320l^(d>>1);
               else d=d>>1;
          };
          t[y]=d;
     };
     d=0xFFFFFFFFl;
     for(y=0;y<nLength;y++)d=t[(d^lpData[y])&0xFF]^(d>>8);
     return d^0xFFFFFFFFl;
};

const unsigned long CorrectPasswordCRC32=0x35C246D5l;

bool VerifyPassword(const char *lpPassword)
{
     return ( CRC32( ( unsigned char * ) lpPassword, strlen( lpPassword ) ) == CorrectPasswordCRC32 );
};

int main(void)
{
     char Password[80];
     cout << "Please enter the password>";
     cin >> Password;
     if(VerifyPassword(Password))
     {
          cout << "Password accepted." << endl;
     }else
     {
          cout << "Password rejected." << endl;
     };
     return 0;
};
0
 

Expert Comment

by:errorx666
ID: 8135052
Note: For the example above the password is "password", and the CRC stored in the program 0x35C246D5l; when you compile this example, see for yourself that it accepts "password" and rejects everything else.
0
 

Expert Comment

by:errorx666
ID: 8135110
    Best to use a asymmetric encryption algorithm like RSA; asymmetric simply means it uses a public key to encrypt and a (secret) private key to decrypt.  Then you store the password in encrypted form and the public encryption key in the program, and when the user enters a password you encrypt it with the public key and see if it matches the already-encrypted password stored within.  The private decryption key is no where within the program and therefore the password stored within cannot be decrypted.

For information on RSA encryption: http://world.std.com/~franl/crypto/rsa-guts.html

     A simpler but less secure way to validate a password involves a method known as polynomial checking, using an algorithm called a Cyclical Redundancy Check (CRC).  The CRC is a digest of the original data, a mathematical formula that can be used to see that two sources of data are identical without disclosing the source.  So, instead of an encrypted password, you could use the CRC of a password and the if the entered password has the same CRC, it is nearly certain it is correct.  The CRC algorithm is much simpler than RSA and can be included as a reasonably short function.  A program like Hex Workshop ( www.bpsoft.com ) can generate the source CRC for the password, or you could simply put it into the CRC function given here and record the result.

#include <string.h>
#include <iostream.h>

unsigned long CRC32(unsigned char *lpData,int nLength)
{
     unsigned long d;
     unsigned long t[256];
     int x,y;
     for(y=0;y<256;y++)
     {
          d=(unsigned long)y;
          for(x=0;x<8;x++)
          {
               if(d&1)d=0xEDB88320l^(d>>1);
               else d=d>>1;
          };
          t[y]=d;
     };
     d=0xFFFFFFFFl;
     for(y=0;y<nLength;y++)d=t[(d^lpData[y])&0xFF]^(d>>8);
     return d^0xFFFFFFFFl;
};

const unsigned long CorrectPasswordCRC32=0x35C246D5l;

bool VerifyPassword(const char *lpPassword)
{
     return ( CRC32( ( unsigned char * ) lpPassword, strlen( lpPassword ) ) == CorrectPasswordCRC32 );
};

int main(void)
{
     char Password[80];
     cout << "Please enter the password>";
     cin >> Password;
     if(VerifyPassword(Password))
     {
          cout << "Password accepted." << endl;
     }else
     {
          cout << "Password rejected." << endl;
     };
     return 0;
};
0
 

Author Comment

by:CINGIL
ID: 8144479
thanks a lot :-)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question