?
Solved

In C++, user writes a password and the screen displays astericks like a user name/password.

Posted on 2003-03-30
30
Medium Priority
?
432 Views
Last Modified: 2012-06-22
I'm new in this C++ world, I would like to know how to make a program have to have a password security. That the user enters any chracter string as a password but on the screen what is shown are for example "********", when user inputs "password". Like an email password security.
0
Comment
Question by:bealucas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
  • 8
  • +3
30 Comments
 

Author Comment

by:bealucas
ID: 8234614
Help me
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8235630
provide the context in which this will be used..
the solution will greatly depend on what kind of code you are using
what you are asking for is way too broad
sorry we need more information
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8235646
anyways just fyi what you are asking for is generally known as password masking
and most gui sets have textboxes that support password masking
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 30

Accepted Solution

by:
Mayank S earned 240 total points
ID: 8236347
Assuming that you're not working on GUI, but on a console-based program, you can read the password using getch () (which will not let the characetr be displayed), and store it in an array, and for every character typed by the user, output a '*':

const int ENTER = 13 ; // The 'Enter' key
const int MAX = 16 ; // maximum size of password
char password[] = "MyPassword" ;
char temp[MAX+1] ;

int count = 0, ch ;

do
{
  ch = getch () ;
 
  if ( ch != ENTER )
    temp[count++] = (char) ch ; // end if

  else
    break ; // end else

} while ( count != MAX ) ; // end do-while

temp[count] = '\0' ; // end if

if ( strcmp ( password, temp ) == 0 )
  cout << "\n Correct! " ; // end if

else
  cout << "\n Incorrect. " ; // end else


Hope that helps!

Mayank.
0
 

Expert Comment

by:Augury
ID: 8236946
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 

Expert Comment

by:Augury
ID: 8237013
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 

Expert Comment

by:Augury
ID: 8237122
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8237172
Augury,

Please don't click on 'Refresh' ro refresh this page. Use the 'Reload This Question' link on the left-hand side.

Thanks,

Mayank.
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8240779
augury..
ur code does basically the same thing mayans did..
and may be problematic as it uses a non-standard library (conio.h)
that will not be supported by all compilers
it also does not provide the asterix password masking that the original question asked for

and i must say the method is very inefficient and flawed
why is it flawed? this allows the user to guess what characters are in the password
it stops immediately after one character typed in is wrong
thus for the first character i could try a-z.. then for the second character a-z
and so on.. and i will no exactly if i have 2 right.. or 3 right.. until i get the password
thus this can be cracked in realtime quite trivially.. even possibly by human input
inefficient in the way that it checks the characters in the password

i hope you dont use that function in any production programs.. *shudder*
0
 

Expert Comment

by:Augury
ID: 8242233
sh0e:

I did not refresh until after I posted. So I did not see mayankeagle post. Second, you can not use the getch command without using conio. Every compiler I have ever used has a version of conio that contains getch.

Secondly, this is just a template. Its actually a piece of code from a private chat program in which I need realtime encryption I wrote years ago. This is just a piece of that with all the other stuff removed. The way the question I interrupted that he/she was requesting a method not a working program.

Finally, I highly doubt you could brute force crack a password in real time. There are 62 possibiliies for each character (using only A-Z, a-z, and 0-9). There are 3844 combinations for a two letter password.

To fix your problems you simply have to:
add:
  while (int(ch)!= 13) ch = getch();
@ line 26
  if (int(password[count]) > 0) return false;
@ line 35


so your function would look like:
bool CheckPassword()
{
    char ch;
    char password[] = "password";
    int count = 0;
    ch = getch();
    while (int(ch) != 13)
    {

         if (password[count] != ch){

                while (int(ch)!= 13) ch = getch();
                return false;
         }
         else ch = getch();
   
         count++;
    }

     if (int(password[count]) > 0) return false;
     
return true;
}
0
 

Expert Comment

by:Augury
ID: 8242237
I apologize for my repeated posting as I did not realize refreshing would have that effect.
0
 

Expert Comment

by:Augury
ID: 8242284
The below attach program takes input, replaces and replaces it with a *.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
bool Valid;


    Valid = CheckPassword();

}

bool CheckPassword()
{
    char ch;
    char password[] = "password";
    int count = 0;

     
     ch = getch();

    while (int(ch) != 13)
    {

         if (password[count] != ch){

                while (int(ch)!= 13) {
                    cout<<"*"<<flush;
                     ch = getch();
                }
               
               
                return false;
         }
         else {
                   cout<<"*"<<flush;
                    ch = getch();
           }
         
           count++;
    }

     if (int(password[count]) > 0) return false;
     
return true;
}
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8242859
it is definitely real time..
first of all.. 3000 is real time for a computer application to crack
second of all it is not 3000
it would be 62*(number of chars) possibilities
because you would be cracking each individual character at a time
i think uve misunderstood the method.. it takes advantage of the fact that you stop after every character thats wrong
say password = password
try a-z 0-9 to find p
type p and then a-z 0-9 to find a
type pa and then a-z 0-9 to find s
so on..
this yields only 8*62=462 combinations.. this is human crackable
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8242862
i meant 3000+ if you want to be nitpicky ;)
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8242869
and i was stating that conio.h is not supported by all compilers.. which makes ur use of it not a good thing
i did not make the statement that its needed to do that
0
 

Expert Comment

by:Augury
ID: 8243084
sh0e:

I just want it noted that for someone who has done a lot of complaining you have not offered anything that could be considered within the general scope or help.

Primary my post was to be used for bealucas to write his/her own function/class. I have since updated the little snippet with two less then 5 lines of code and have fixed every issue you have brought up. It was not my understand that this message board was to be used to get your work done for you. It is unfortunate that in an attempt to help a stranger you have to run into assholes like yourself.

Andrew
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8243137
augury:
i have not offered anything for lack of a response from questioner
he did not specify in what environment this is to be done
and i would rather say that you guys are "assuming" things without knowing the full scope of what is required
it is analagous to a doctor offering random medicine without examining the patient

and i am not "complaining" as you put it but criticizing your application as erroneous and flawed
and i am explaining in more detail the problem as you do not seem to be acknowledging it "since [you] fixed the problem"
additionally ur added embedded loops make the program even more inefficient

besides.. your tip is partially useless when mayan has produced
something that already works prior to yours and actually is more efficient and not as flawed

please refrain from using such crude and offensive remarks as they are unfounded and misplaced
for the sake of your own dignity as well as mine and others reading sake
i have made no directly offensive or provocative remarks that warrant your ill placed response
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8243214
Oops, sorry I missed this statement:

>> if ( ch != ENTER )
>>   temp[count++] = (char) ch ; // end if

if ( ch != ENTER )
{
  temp[count++] = (char) ch ;
  cout << "*" ;

} // end if

// It should not display a '*' when 'Enter' is pressed.

So, now its:

const int ENTER = 13 ; // The 'Enter' key
const int MAX = 16 ; // maximum size of password
const char password[] = "MyPassword" ;
char temp[MAX+1] ;

int count = 0, ch ;

do
{
  ch = getch () ;
 
  if ( ch != ENTER )
  {
    temp[count++] = (char) ch ;
    cout << "*" ;

  } // end if

  else
    break ; // end else

} while ( count != MAX ) ; // end do-while

temp[count] = '\0' ; // end if

if ( strcmp ( password, temp ) == 0 )
  cout << "\n Correct! " ; // end if

else
  cout << "\n Incorrect. " ; // end else


Mayank.
0
 

Expert Comment

by:Augury
ID: 8243956
sh0e:

You have obviously not taken anything resembling statistics as your mathematics does not allow for combinations.

Again, you comment on my code as though it were an application. I was unaware that this message board or this post was a request for a complete solution. If you read the question (I am assuming you can read) he says
   I would like to know how to make a program have
   to have a password security.
The method I have given is quite adaptable and is well within the scope of the question. Not to mention mayankeagle use of the strcmp function which is very inefficient.

Shoe, if I had to venture a guess I would safely assume you have little to know real world programming experience. I can think of so few instances when a hard coded password. Finally, my solution and my corrections were both done in under 5 minutes total. This is due to the fact that both were an attempt to give demonstrations as to how to do the above stated question. You may not have insulted me directly, but you have insulted me with you asinine responses. It is again unfortunate that in an attempt to help someone seeking help one has to encounter an idiot like yourself.

Andrew
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8244082
>> Not to mention mayankeagle use of the strcmp function which is very inefficient.

If you need to check the password after the user presses the 'Enter' key (which is the way that it should be), or when it exceeds the total number of characters allowed, then you definitely need a loop (or a call to a function like strcmp ()) to compare the entered password with the original one. I have (and I guess everyone has) only come across applications where the entered password is checked after pressing the 'Enter' key.

Regards,

Mayank.
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8244111
>> I did not refresh until after I posted. So I did not see mayankeagle post.

Man! That's plenty of time difference.. anyways, just kiddin'

Actually, no hard feelings, Augury, but I agree with sh0e that by your method, the password can be cracked in real time.

Mayank.
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8244128
>> you have insulted me with you asinine responses. It is again unfortunate that in an attempt to help someone seeking help one has to encounter an idiot like yourself

Cool it, guys!

Augury, please don't try simply to defend yourself, but try to understand why sh0e is trying to point out a mistake. Its a matter of fact, that if somebody decides to give it a whole day, then he may easily crack the password by your method.

Please don't use offesive language, guys! We're here to help the questioner, not to fight amongst ourselves.

Cheers :-),

Mayank.
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8244290
hahaha augury your blatant attempts to undermine me with my profile information is entertaining

it is obvious that your understanding of security and programming is limited
the logic error in your original code and the structure you have used in the authentication clearly shows
a template for what? how is it extensible please enlighten me?
you are using a character by character comparison scheme depending on a plaintext hardcoded string
you have embedded the a single character input reading into a function..
thats not adaptable

yes i can read very well thank you
"Title: In C++, user writes a password and the screen displays astericks like a user name/password."
notice the emphasis on password masking which you left out in the original code

btw there are no combinations in what i described
it is so simplistic that it needs no statistical explanation
i was describing a way to find the original password.. if you dont understand it you need to think harder
input: 62 different possibilities for first character
i find 'p' is the first character.. having done that
i use p for the first in my next brute force
input: p(62 different possibilities)
i find 'a' as the second character
worst case scenario is 62*(number of characters) to find the original password
no manner of password encryption would help with such a weak authentication scheme.. if it can be even called that
and you also dont seem to realize that all you need to get is the first character correct
namely for your example typing 'p' would return true

and yet again you escalate your flame..
since you insist i will gladly partake in your little sludge fest in another forum
namely the lounge at this thread:
http://www.experts-exchange.com/Miscellaneous/Q_20569826.html
it has been a while since ive had reason to stomp dignity
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 8244446
>> you have to run into assholes like yourself

I think the rules of EE also strictly state that such abusing words are not to be used. That's what the member agreement said.

Mayank.
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8244503
mayan try to move stuff like that to the other thread.. this is starting to look like a trolled thread
if it persists ill ask cs to try and clean it up
0
 
LVL 16

Expert Comment

by:sh0e
ID: 8244557
http://www.experts-exchange.com/Miscellaneous/Lounge/Q_20569884.html
better placement in the lounge

 got flames?


everything from the arrow down proclaimed only on
questioner subject matter
when the issue has been resolved.. the conclusion shall be posted as finalization
please do not be inconsiderate or dumb enough to trespass
----->
0
 
LVL 1

Expert Comment

by:Computer101
ID: 8257415
First of all, flaming will not happen in this thread.  Second, if the language continues, you will probably be getting a mail from me.

Drive on with the question

Computer101
E-E Admin
0
 

Expert Comment

by:CleanupPing
ID: 9446657
bealucas:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 9451822
Recommendation: Accept mayankeagle's comment as answer.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about my first experience with programming Arduino.
The SignAloud Glove is capable of translating American Sign Language signs into text and audio.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
Starting up a Project
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question