
Hello All,

So just to make it clear I don't want anyone to do my homework for me. I'm just looking for some much needed guidance. Here's the question:

"Traditional password entry schemes are susceptible to “shoulder surfing” in which an
attacker watches an unsuspecting user enter their password or PIN number and uses it
later to gain access to the account. One way to combat this problem is with a randomized
challenge response system. In these systems, the user enters different information every
time based on a secret in response to a randomly generated challenge. Consider the
following scheme in which the password consists of five-digit PIN number (00000 to 99999).
Each digit is assigned a random number that is 1, 2, or 3. Use the rand function. The user
enters the random numbers that correspond to their PIN instead of their actual PIN
numbers.
For example, consider an actual PIN number of 12345. To authenticate your program
should display the PIN and NUM as follows:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3
The user would enter 23113 instead of 12345. This does not divulge the password even if an
attacker intercepts the entry because 23113 could correspond to other PIN numbers, such
as 69440 or 70439. The next time the user logs in, a different sequence of random numbers
would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 2 3 3

Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Display the random digits on the screen, input the answer from the user, and display whether or not the user's response correctly matches the PIN

"



The main problem I'm having is figuring out how to authenticate the entered PIN from the user with the stored PIN. Since the numbers they enter will change every time.
I have no code relating to this matter, so nothing worthwhile to post. Just looking for what I should use. (I'm in a very beginning CS class so nothing too advanced)

Thank you all so much!
1. Create NUM translation table as the assignment asks you.
2. Replace digits in PIN with the corresponding ones in NUM (save it as NEW_PIN to avoid overwriting)
3. Compare NEW_PIN with string entered by user.

Example (
int NUM[10]; // = {3, 2, 3, 1, 1, 3, 2, 2, 1, 3}
//Fill NUM with rand() function
int PIN[5]; //5 digits
//Read PIN from database
int PIN_NEW[5];
for(int i = 0; i < 5; ++i) {
    int digit = PIN[i];
    PIN_NEW[i] = NUM[digit];
}
//Get user input and transform it to array of numbers.
//Compare two arrays 
Either convert entered string to array of numbers:
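char input[6]; //5 for digits + 1 for the terminating '\0'.
std::cin >> std::setw(6) >> input; //setw (from <iomanip>) stops the read at 5 characters, so longer input cannot overflow the buffer
int ENTERED_PIN[5];
for (int i = 0; i < 5; ++i)
    ENTERED_PIN[i] = input[i] - '0';
//Now compare two integer arrays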

Or modify code to store c-string in NEW_PIN and compare it with entered one:
char PIN_NEW[6];
for(int i = 0; i < 5; ++i) {
    int digit = PIN[i];
    PIN_NEW[i] = NUM[digit] + '0';
}
PIN_NEW[5] = '\0';
char input[6];
std::cin >> std::setw(6) >> input; //setw (from <iomanip>) stops the read at 5 characters, so longer input cannot overflow the buffer
//compare PIN_NEW and input using strcmp
Please, do not remove the question after you get an answer. It is rude to other users who have a similar problem and makes it hard to search the forum.

Original OP post:
pipeline1 wrote:
Hello All,

So just to make it clear I don't want anyone to do my homework for me. I'm just looking for some much needed guidance. Here's the question:

"Traditional password entry schemes are susceptible to “shoulder surfing” in which an
attacker watches an unsuspecting user enter their password or PIN number and uses it
later to gain access to the account. One way to combat this problem is with a randomized
challenge response system. In these systems, the user enters different information every
time based on a secret in response to a randomly generated challenge. Consider the
following scheme in which the password consists of five-digit PIN number (00000 to 99999).
Each digit is assigned a random number that is 1, 2, or 3. Use the rand function. The user
enters the random numbers that correspond to their PIN instead of their actual PIN
numbers.
For example, consider an actual PIN number of 12345. To authenticate your program
should display the PIN and NUM as follows:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3
The user would enter 23113 instead of 12345. This does not divulge the password even if an
attacker intercepts the entry because 23113 could correspond to other PIN numbers, such
as 69440 or 70439. The next time the user logs in, a different sequence of random numbers
would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 2 3 3

Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Display the random digits on the screen, input the answer from the user, and display whether or not the user's response correctly matches the PIN

"



The main problem I'm having is figuring out how to authenticate the entered PIN from the user with the stored PIN. Since the numbers they enter will change every time.
I have no code relating to this matter, so nothing worthwhile to post. Just looking for what I should use. (I'm in a very beginning CS class so nothing too advanced)

Thank you all so much!
oh my mistake! I thought it would be nice to clear the forum after I finished with it. Didn't even think about that! My apologies!
@MiiNiPaa

I'm struggling with the same problem. I took your advice and broke the pin into an array of numbers and tried to verify them that way. However, when I wanted to do the same thing with the pin they reentered, I ran into a wall. Here is what I have.

cin >> pinReenter;

    for (int i = 0; i < 5; i++)
    {
        pinReStore[i] = pinReenter[i] - '0';
    }


It seems to me like it should work, however, each part of pinReStore comes out as 0x28fe94. I have pinReenter set as a char and pinReStore set as an int, just as you did in the above example. Can you see what's wrong?
I believe problem lies elsewhere in your code. Post it here.
I actually figured out what I did and no longer am using that. I instead used your advice and I'm using the strcmp(). Working great. Thanks
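
The three steps discussed in this thread (build NUM, translate the stored PIN, compare with the input) as one complete program. This is an added example, not code posted by anyone in the thread: all function names are hypothetical, std::string replaces the char[6] buffers, std::random_device replaces the assignment's rand(), and consistent_pins goes beyond the thread to count how many PINs fit one observed response, which is the ambiguity the assignment text relies on.

```cpp
#include <array>
#include <iostream>
#include <random>
#include <string>

using Challenge = std::array<int, 10>;  // NUM: one value in 1..3 for each digit 0..9

// Fresh challenge for every login (std::random_device swapped in for rand()).
Challenge make_challenge() {
    std::random_device rd;
    std::uniform_int_distribution<int> dist(1, 3);
    Challenge num{};
    for (int& n : num) n = dist(rd);
    return num;
}

// Response the holder of `pin` (characters '0'..'9') is expected to type.
std::string expected_response(const std::string& pin, const Challenge& num) {
    std::string out;
    for (char c : pin) out += static_cast<char>('0' + num[c - '0']);
    return out;
}

// std::string comparison: wrong-length or non-digit input simply fails to match.
bool verify(const std::string& pin, const Challenge& num, const std::string& entered) {
    return entered == expected_response(pin, num);
}

// Number of PINs that would produce the same response to this challenge.
long consistent_pins(const Challenge& num, const std::string& response) {
    long total = 1;
    for (char r : response) {
        int matches = 0;
        for (int n : num) matches += (n == r - '0');
        total *= matches;
    }
    return total;
}

int main() {
    const std::string pin = "12345";  // sample PIN taken from the assignment text
    Challenge num = make_challenge();
    std::cout << "PIN: 0 1 2 3 4 5 6 7 8 9\nNUM:";
    for (int n : num) std::cout << ' ' << n;
    std::cout << "\nEnter response: ";
    std::string entered;
    std::cin >> entered;
    std::cout << (verify(pin, num, entered) ? "Match\n" : "No match\n");
}
```

With the first NUM row from the assignment, the response 23113 is consistent with 432 different PINs, including 69440 and 70439.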