Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Controlling Password

Posted on 2003-03-13
9
Medium Priority
?
202 Views
Last Modified: 2010-04-01
I need a simple password checking program which is written in c++
I need example programs...

Thanks...
0
Comment
Question by:CINGIL
9 Comments
 
LVL 8

Expert Comment

by:Exceter
ID: 8129930
Could you be more specific?
0
 

Author Comment

by:CINGIL
ID: 8130943
user must enter a password to enter the program...But ý need secure password controlling code because there should be no unsecure holes...

0
 

Author Comment

by:CINGIL
ID: 8130979
I need to control password but I dont know what kinds of way that I save true password in source code...exactly the problem that is...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:CINGIL
ID: 8130983
I need to control password but I dont know what kinds of way that I save true password in source code...exactly the problem that is...
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8133950
1. Save your original password in a file in some encrypted form.

2. While running the program, read the password from the user in a loop using the getch () function (so that the password is not displayed on the screen) and keep printing a '*' character on the screen for every key pressed. Also, keep storing the values returned by getch () into an array.

3. Read the original password from the file and decrypt it into an array. Compare it with the values in the array which held the values returned by getch () when the user was inputting the password.

If the two arrays are the same, then the password is correct, else not.

Mayank.
0
 

Accepted Solution

by:
errorx666 earned 60 total points
ID: 8135030
    Best to use a asymmetric encryption algorithm like RSA; asymmetric simply means it uses a public key to encrypt and a (secret) private key to decrypt.  Then you store the password in encrypted form and the public encryption key in the program, and when the user enters a password you encrypt it with the public key and see if it matches the already-encrypted password stored within.  The private decryption key is no where within the program and therefore the password stored within cannot be decrypted.

For information on RSA encryption: http://world.std.com/~franl/crypto/rsa-guts.html

     A simpler but less secure way to validate a password involves a method known as polynomial checking, using an algorithm called a Cyclical Redundancy Check (CRC).  The CRC is a digest of the original data, a mathematical formula that can be used to see that two sources of data are identical without disclosing the source.  So, instead of an encrypted password, you could use the CRC of a password and the if the entered password has the same CRC, it is nearly certain it is correct.  The CRC algorithm is much simpler than RSA and can be included as a reasonably short function.  A program like Hex Workshop ( www.bpsoft.com ) can generate the source CRC for the password, or you could simply put it into the CRC function given here and record the result.

#include <string.h>
#include <iostream.h>

unsigned long CRC32(unsigned char *lpData,int nLength)
{
     unsigned long d;
     unsigned long t[256];
     int x,y;
     for(y=0;y<256;y++)
     {
          d=(unsigned long)y;
          for(x=0;x<8;x++)
          {
               if(d&1)d=0xEDB88320l^(d>>1);
               else d=d>>1;
          };
          t[y]=d;
     };
     d=0xFFFFFFFFl;
     for(y=0;y<nLength;y++)d=t[(d^lpData[y])&0xFF]^(d>>8);
     return d^0xFFFFFFFFl;
};

const unsigned long CorrectPasswordCRC32=0x35C246D5l;

bool VerifyPassword(const char *lpPassword)
{
     return ( CRC32( ( unsigned char * ) lpPassword, strlen( lpPassword ) ) == CorrectPasswordCRC32 );
};

int main(void)
{
     char Password[80];
     cout << "Please enter the password>";
     cin >> Password;
     if(VerifyPassword(Password))
     {
          cout << "Password accepted." << endl;
     }else
     {
          cout << "Password rejected." << endl;
     };
     return 0;
};
0
 

Expert Comment

by:errorx666
ID: 8135052
Note: For the example above the password is "password", and the CRC stored in the program 0x35C246D5l; when you compile this example, see for yourself that it accepts "password" and rejects everything else.
0
 

Expert Comment

by:errorx666
ID: 8135110
    Best to use a asymmetric encryption algorithm like RSA; asymmetric simply means it uses a public key to encrypt and a (secret) private key to decrypt.  Then you store the password in encrypted form and the public encryption key in the program, and when the user enters a password you encrypt it with the public key and see if it matches the already-encrypted password stored within.  The private decryption key is no where within the program and therefore the password stored within cannot be decrypted.

For information on RSA encryption: http://world.std.com/~franl/crypto/rsa-guts.html

     A simpler but less secure way to validate a password involves a method known as polynomial checking, using an algorithm called a Cyclical Redundancy Check (CRC).  The CRC is a digest of the original data, a mathematical formula that can be used to see that two sources of data are identical without disclosing the source.  So, instead of an encrypted password, you could use the CRC of a password and the if the entered password has the same CRC, it is nearly certain it is correct.  The CRC algorithm is much simpler than RSA and can be included as a reasonably short function.  A program like Hex Workshop ( www.bpsoft.com ) can generate the source CRC for the password, or you could simply put it into the CRC function given here and record the result.

#include <string.h>
#include <iostream.h>

unsigned long CRC32(unsigned char *lpData,int nLength)
{
     unsigned long d;
     unsigned long t[256];
     int x,y;
     for(y=0;y<256;y++)
     {
          d=(unsigned long)y;
          for(x=0;x<8;x++)
          {
               if(d&1)d=0xEDB88320l^(d>>1);
               else d=d>>1;
          };
          t[y]=d;
     };
     d=0xFFFFFFFFl;
     for(y=0;y<nLength;y++)d=t[(d^lpData[y])&0xFF]^(d>>8);
     return d^0xFFFFFFFFl;
};

const unsigned long CorrectPasswordCRC32=0x35C246D5l;

bool VerifyPassword(const char *lpPassword)
{
     return ( CRC32( ( unsigned char * ) lpPassword, strlen( lpPassword ) ) == CorrectPasswordCRC32 );
};

int main(void)
{
     char Password[80];
     cout << "Please enter the password>";
     cin >> Password;
     if(VerifyPassword(Password))
     {
          cout << "Password accepted." << endl;
     }else
     {
          cout << "Password rejected." << endl;
     };
     return 0;
};
0
 

Author Comment

by:CINGIL
ID: 8144479
thanks a lot :-)
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When writing generic code, using template meta-programming techniques, it is sometimes useful to know if a type is convertible to another type. A good example of when this might be is if you are writing diagnostic instrumentation for code to generat…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question