Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 463
  • Last Modified:

In C++, user writes a password and the screen displays astericks like a user name/password.

I'm new in this C++ world, I would like to know how to make a program have to have a password security. That the user enters any chracter string as a password but on the screen what is shown are for example "********", when user inputs "password". Like an email password security.
0
bealucas
Asked:
bealucas
  • 10
  • 8
  • 8
  • +3
1 Solution
 
bealucasAuthor Commented:
Help me
0
 
sh0eCommented:
provide the context in which this will be used..
the solution will greatly depend on what kind of code you are using
what you are asking for is way too broad
sorry we need more information
0
 
sh0eCommented:
anyways just fyi what you are asking for is generally known as password masking
and most gui sets have textboxes that support password masking
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Mayank SAssociate Director - Product EngineeringCommented:
Assuming that you're not working on GUI, but on a console-based program, you can read the password using getch () (which will not let the characetr be displayed), and store it in an array, and for every character typed by the user, output a '*':

const int ENTER = 13 ; // The 'Enter' key
const int MAX = 16 ; // maximum size of password
char password[] = "MyPassword" ;
char temp[MAX+1] ;

int count = 0, ch ;

do
{
  ch = getch () ;
 
  if ( ch != ENTER )
    temp[count++] = (char) ch ; // end if

  else
    break ; // end else

} while ( count != MAX ) ; // end do-while

temp[count] = '\0' ; // end if

if ( strcmp ( password, temp ) == 0 )
  cout << "\n Correct! " ; // end if

else
  cout << "\n Incorrect. " ; // end else


Hope that helps!

Mayank.
0
 
AuguryCommented:
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 
AuguryCommented:
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 
AuguryCommented:
Assuming you are using command prompt this is the code I always use.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
 bool Valid;

     Valid = CheckPassword();

}

bool CheckPassword()
{
     char ch;
     char password[] = "password";
     int count = 0;
     ch = getch();
     while (int(ch) != 13)
     {

          if (password[count] != ch){
               return false;
          }
          else ch = getch();
     
          count++;
     }
         
return true;
}
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Augury,

Please don't click on 'Refresh' ro refresh this page. Use the 'Reload This Question' link on the left-hand side.

Thanks,

Mayank.
0
 
sh0eCommented:
augury..
ur code does basically the same thing mayans did..
and may be problematic as it uses a non-standard library (conio.h)
that will not be supported by all compilers
it also does not provide the asterix password masking that the original question asked for

and i must say the method is very inefficient and flawed
why is it flawed? this allows the user to guess what characters are in the password
it stops immediately after one character typed in is wrong
thus for the first character i could try a-z.. then for the second character a-z
and so on.. and i will no exactly if i have 2 right.. or 3 right.. until i get the password
thus this can be cracked in realtime quite trivially.. even possibly by human input
inefficient in the way that it checks the characters in the password

i hope you dont use that function in any production programs.. *shudder*
0
 
AuguryCommented:
sh0e:

I did not refresh until after I posted. So I did not see mayankeagle post. Second, you can not use the getch command without using conio. Every compiler I have ever used has a version of conio that contains getch.

Secondly, this is just a template. Its actually a piece of code from a private chat program in which I need realtime encryption I wrote years ago. This is just a piece of that with all the other stuff removed. The way the question I interrupted that he/she was requesting a method not a working program.

Finally, I highly doubt you could brute force crack a password in real time. There are 62 possibiliies for each character (using only A-Z, a-z, and 0-9). There are 3844 combinations for a two letter password.

To fix your problems you simply have to:
add:
  while (int(ch)!= 13) ch = getch();
@ line 26
  if (int(password[count]) > 0) return false;
@ line 35


so your function would look like:
bool CheckPassword()
{
    char ch;
    char password[] = "password";
    int count = 0;
    ch = getch();
    while (int(ch) != 13)
    {

         if (password[count] != ch){

                while (int(ch)!= 13) ch = getch();
                return false;
         }
         else ch = getch();
   
         count++;
    }

     if (int(password[count]) > 0) return false;
     
return true;
}
0
 
AuguryCommented:
I apologize for my repeated posting as I did not realize refreshing would have that effect.
0
 
AuguryCommented:
The below attach program takes input, replaces and replaces it with a *.

#include<iostream.h>
#include<conio.h>

bool CheckPassword();
void main()
{
bool Valid;


    Valid = CheckPassword();

}

bool CheckPassword()
{
    char ch;
    char password[] = "password";
    int count = 0;

     
     ch = getch();

    while (int(ch) != 13)
    {

         if (password[count] != ch){

                while (int(ch)!= 13) {
                    cout<<"*"<<flush;
                     ch = getch();
                }
               
               
                return false;
         }
         else {
                   cout<<"*"<<flush;
                    ch = getch();
           }
         
           count++;
    }

     if (int(password[count]) > 0) return false;
     
return true;
}
0
 
sh0eCommented:
it is definitely real time..
first of all.. 3000 is real time for a computer application to crack
second of all it is not 3000
it would be 62*(number of chars) possibilities
because you would be cracking each individual character at a time
i think uve misunderstood the method.. it takes advantage of the fact that you stop after every character thats wrong
say password = password
try a-z 0-9 to find p
type p and then a-z 0-9 to find a
type pa and then a-z 0-9 to find s
so on..
this yields only 8*62=462 combinations.. this is human crackable
0
 
sh0eCommented:
i meant 3000+ if you want to be nitpicky ;)
0
 
sh0eCommented:
and i was stating that conio.h is not supported by all compilers.. which makes ur use of it not a good thing
i did not make the statement that its needed to do that
0
 
AuguryCommented:
sh0e:

I just want it noted that for someone who has done a lot of complaining you have not offered anything that could be considered within the general scope or help.

Primary my post was to be used for bealucas to write his/her own function/class. I have since updated the little snippet with two less then 5 lines of code and have fixed every issue you have brought up. It was not my understand that this message board was to be used to get your work done for you. It is unfortunate that in an attempt to help a stranger you have to run into assholes like yourself.

Andrew
0
 
sh0eCommented:
augury:
i have not offered anything for lack of a response from questioner
he did not specify in what environment this is to be done
and i would rather say that you guys are "assuming" things without knowing the full scope of what is required
it is analagous to a doctor offering random medicine without examining the patient

and i am not "complaining" as you put it but criticizing your application as erroneous and flawed
and i am explaining in more detail the problem as you do not seem to be acknowledging it "since [you] fixed the problem"
additionally ur added embedded loops make the program even more inefficient

besides.. your tip is partially useless when mayan has produced
something that already works prior to yours and actually is more efficient and not as flawed

please refrain from using such crude and offensive remarks as they are unfounded and misplaced
for the sake of your own dignity as well as mine and others reading sake
i have made no directly offensive or provocative remarks that warrant your ill placed response
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Oops, sorry I missed this statement:

>> if ( ch != ENTER )
>>   temp[count++] = (char) ch ; // end if

if ( ch != ENTER )
{
  temp[count++] = (char) ch ;
  cout << "*" ;

} // end if

// It should not display a '*' when 'Enter' is pressed.

So, now its:

const int ENTER = 13 ; // The 'Enter' key
const int MAX = 16 ; // maximum size of password
const char password[] = "MyPassword" ;
char temp[MAX+1] ;

int count = 0, ch ;

do
{
  ch = getch () ;
 
  if ( ch != ENTER )
  {
    temp[count++] = (char) ch ;
    cout << "*" ;

  } // end if

  else
    break ; // end else

} while ( count != MAX ) ; // end do-while

temp[count] = '\0' ; // end if

if ( strcmp ( password, temp ) == 0 )
  cout << "\n Correct! " ; // end if

else
  cout << "\n Incorrect. " ; // end else


Mayank.
0
 
AuguryCommented:
sh0e:

You have obviously not taken anything resembling statistics as your mathematics does not allow for combinations.

Again, you comment on my code as though it were an application. I was unaware that this message board or this post was a request for a complete solution. If you read the question (I am assuming you can read) he says
   I would like to know how to make a program have
   to have a password security.
The method I have given is quite adaptable and is well within the scope of the question. Not to mention mayankeagle use of the strcmp function which is very inefficient.

Shoe, if I had to venture a guess I would safely assume you have little to know real world programming experience. I can think of so few instances when a hard coded password. Finally, my solution and my corrections were both done in under 5 minutes total. This is due to the fact that both were an attempt to give demonstrations as to how to do the above stated question. You may not have insulted me directly, but you have insulted me with you asinine responses. It is again unfortunate that in an attempt to help someone seeking help one has to encounter an idiot like yourself.

Andrew
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> Not to mention mayankeagle use of the strcmp function which is very inefficient.

If you need to check the password after the user presses the 'Enter' key (which is the way that it should be), or when it exceeds the total number of characters allowed, then you definitely need a loop (or a call to a function like strcmp ()) to compare the entered password with the original one. I have (and I guess everyone has) only come across applications where the entered password is checked after pressing the 'Enter' key.

Regards,

Mayank.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> I did not refresh until after I posted. So I did not see mayankeagle post.

Man! That's plenty of time difference.. anyways, just kiddin'

Actually, no hard feelings, Augury, but I agree with sh0e that by your method, the password can be cracked in real time.

Mayank.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> you have insulted me with you asinine responses. It is again unfortunate that in an attempt to help someone seeking help one has to encounter an idiot like yourself

Cool it, guys!

Augury, please don't try simply to defend yourself, but try to understand why sh0e is trying to point out a mistake. Its a matter of fact, that if somebody decides to give it a whole day, then he may easily crack the password by your method.

Please don't use offesive language, guys! We're here to help the questioner, not to fight amongst ourselves.

Cheers :-),

Mayank.
0
 
sh0eCommented:
hahaha augury your blatant attempts to undermine me with my profile information is entertaining

it is obvious that your understanding of security and programming is limited
the logic error in your original code and the structure you have used in the authentication clearly shows
a template for what? how is it extensible please enlighten me?
you are using a character by character comparison scheme depending on a plaintext hardcoded string
you have embedded the a single character input reading into a function..
thats not adaptable

yes i can read very well thank you
"Title: In C++, user writes a password and the screen displays astericks like a user name/password."
notice the emphasis on password masking which you left out in the original code

btw there are no combinations in what i described
it is so simplistic that it needs no statistical explanation
i was describing a way to find the original password.. if you dont understand it you need to think harder
input: 62 different possibilities for first character
i find 'p' is the first character.. having done that
i use p for the first in my next brute force
input: p(62 different possibilities)
i find 'a' as the second character
worst case scenario is 62*(number of characters) to find the original password
no manner of password encryption would help with such a weak authentication scheme.. if it can be even called that
and you also dont seem to realize that all you need to get is the first character correct
namely for your example typing 'p' would return true

and yet again you escalate your flame..
since you insist i will gladly partake in your little sludge fest in another forum
namely the lounge at this thread:
http://www.experts-exchange.com/Miscellaneous/Q_20569826.html
it has been a while since ive had reason to stomp dignity
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> you have to run into assholes like yourself

I think the rules of EE also strictly state that such abusing words are not to be used. That's what the member agreement said.

Mayank.
0
 
sh0eCommented:
mayan try to move stuff like that to the other thread.. this is starting to look like a trolled thread
if it persists ill ask cs to try and clean it up
0
 
sh0eCommented:
http://www.experts-exchange.com/Miscellaneous/Lounge/Q_20569884.html
better placement in the lounge

 got flames?


everything from the arrow down proclaimed only on
questioner subject matter
when the issue has been resolved.. the conclusion shall be posted as finalization
please do not be inconsiderate or dumb enough to trespass
----->
0
 
Computer101Commented:
First of all, flaming will not happen in this thread.  Second, if the language continues, you will probably be getting a mail from me.

Drive on with the question

Computer101
E-E Admin
0
 
CleanupPingCommented:
bealucas:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Recommendation: Accept mayankeagle's comment as answer.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 10
  • 8
  • 8
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now