Link to home
Start Free TrialLog in
Avatar of smfmetro10
smfmetro10Flag for United States of America

asked on

display numeric strength of password

Hi,

I am trying to display the numeric strength of a password.

A-Z = 1 a-z=1
any number = 2
special characters=3

the password is invalid if it does not contain a letter and a number or has spaces.

This is what I have so far, but Im stuck on the assinging a value part.

Thanks for the help!

//

//  main.cpp
 
//  Password Check
 
//
 
//  Created by David Caldwell on 10/31/12.
 
//  Copyright (c) 2012 David Caldwell. All rights reserved.
 
//
 



#include <iostream>
 
#include <cstdlib>
 
#include <fstream>
 
using namespace std;
 






int main()
 
{
 
    int count=0;
 
    char password, verify1, verify2, verify3, verify4;
 
   
 
   
 
    cout << "Welcome.\n" <<
 
    "This program helps you to determine the strength\n" <<
 
    "of any password you may chose, based on all of the following criteria for password strength:\n" <<
 
    "1.At least 12 total characters.\n" <<
 
    "2.At least one digit.\n" <<
 
    "3.At least one lowercase letter.\n" <<
 
    "4.At least one uppercase letter.\n" <<
 
    "5.At least one character that is neither a letter nor a number,\n" ;
 
   
 
    cout << "Now enter your choice of password:\n";
 
   
 
    do
 
    {
 
        cin.get(password);
 
       
 
        if (isupper(password))
 
            verify1 = 'y';
 
        else
 
            verify1 = 'n';
 
       
 
        if (islower(password))
 
            verify2 = 'y';
 
        else
 
            verify2 = 'n';        
 
        if (isdigit(password))
 
            verify3 = 'y';
 
        else
 
            verify3 = 'n';
 
        if (isalpha(password))
 
            verify4 = 'y';
 
        else
 
            verify4 = 'n';
        count ++;
 
    }while (password != '\n');  
 
    if ((verify1 == 'y' && verify2 == 'y') && (verify3 == 'y' && verify4 == 'n') && (count >= 12))

    {
 
        {
 
            cout << "This password looks pretty good.\n";
 
        }
 
    }
 
    else
 
    {
 
        if (verify1 == 'n')
 
            cout << "Your password does not have at least one uppercase letter.\n" << endl;

        if (verify2 == 'n')
 
            cout << "Your password does not have at least one lowercase letter.\n" << endl;

        if (verify3 == 'n')
 
            cout << "Your password does not have at least one digit.\n"<< endl;
 
        if (verify4 == 'y')
 
            cout << "Your password does not have at least character that is neither\n"
 
            "a letter nor a number.\n" << endl;
 
        if (count < 12)
 
            cout << "Your password should be at least 12 characters long.\n"<< endl;

    }  
 
    while ((verify1 == 'n' || verify2 == 'n') || (verify3 == 'n' || verify4 == 'y') || (count < 12))

    {
 
        cout << "Please enter another password for verification.\n";
 
        do
 
        {
 
            cin.get(password);
 
        }while (password != '\n');
 
    }    
 
    char wait; cin >> wait;
 
    return 0;    
 
}
Avatar of evilrix
evilrix
Flag of United Kingdom of Great Britain and Northern Ireland image

Can you be a little more specific about what it is you are stuck with? Also, you might want to consider using a bool rather than a char for the verify flags. You might also want to consider using an array rather than 4 different variables. You could actually do this using a single char and  setting bits but you can use bools to keep it simple.
ASKER CERTIFIED SOLUTION
Avatar of lomo74
lomo74
Flag of Italy image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@evilrix: no problem.
If it turns out that it isn't an academic assignment, I expect you to promptly restore my post.
you need to count each type of characters separately. then the strength would calculate as count_upper*1 + count_lower*1 + count_digit*2 + count_special*3.

generally, i would use getline to read the pass"word" into a string rather than reading each single character. the length of input you would get by string::length function. then you could "parse" the string character by character from index 0 to length-1 by using  a for loop and increment the counters. the counters also would be a substitute for the verify flags cause a count of 0 means 'n' and count > 0 means 'y'. that also would correct your current flaw that a 'y' set for a character was reset to 'n' if the next character has another type.

Sara
Avatar of smfmetro10

ASKER

Actually this was just a discussion my brother and i were having yesterday  and I'm not very well versed in C++ .  I'm far removed from academia now, I work as a webmaster for an international communications company where I mainly use scripting languages (ColdFusion, PHP etc) So, just thought I would "throw it over the fence" to you guys to see if you had an answer to our little "debate"

No worries!

Thanks!
Avatar of phoffric
phoffric

There are no doubt multiple ways to compute password strength. Here is a discussion of entropy which is correlated to the amount of operations (and therefore time) necessary to hack the password:

http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

If you really want to research further, here is a good place to start. It is a government document (yes, governments are very interested in password strength). See the section entitled Appendix A: Estimating Password Entropy and Strength. There are 8 pages of discussions and figures for you to keep you in deep thought for awhile.
    http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Here is a simplified (maybe simplistic when compared to the above government document) classroom video to compute either required number of symbols or required length for a desired entropy.
     http://www.youtube.com/watch?v=lPKWCjstc1U
Thanks!
there is a bug indeed...
the statement
verify1 = verify2 = verify3 = verify4 = false;

Open in new window

goes inside the
while (true)

Open in new window

loop because the verify flags must be reset at each run.
and Sara is correct, reading one character at a time is not that good... use getline instead.
ciao --