c++ password storage + masking input

Hello everyone, I'm pretty new to programming - just starting out with C++. So I wanted to make an application - just for fun - which would mask user input with asterisks. I did some research in local cplusplus.com tutorials and found exactly what I was looking for. As you can see inside the code below it works fine but only checks password from a char I put - "correct_password". I thought it'd be more challenging to extend options. The program would write two options out: 1. register - just put your login and password (without asterisks), then store it into a file (fstream I guess), 2. login - after putting login and password (with asterisks just the way it is in getpass) it would check the file for data if user is actually registered. Even thought maybe about encrypting data in that file, although I have no idea how to proceed. Well, it's just made up thing to learn some new stuff, I know it's not really a THING and there's no really a purpose to write such code - just messing around with C++. Maybe you got some ideas how to snap that? After I wrote this asterisk thing I don't really see where I should put those other options, storing in file and so on. Would love to go through some ideas and appreciate the input from more experienced coders :)

#include <iostream>
#include <string>
#include <windows.h>

using namespace std;

// Reads a password from the console without echoing it.
// Prints one '*' per typed character when s_asterisk is true.
string getpass(const char *dat, bool s_asterisk=true)
{
  const char BACKSPACE=8;
  const char RETURN=13;

  string password;
  char ch=0;

  cout << dat << flush;

  DWORD con_mode;
  DWORD dwRead;

  HANDLE hIn=GetStdHandle(STD_INPUT_HANDLE);

  // Turn off echo and line buffering so every key press arrives at once.
  GetConsoleMode( hIn, &con_mode );
  SetConsoleMode( hIn, con_mode & ~(ENABLE_ECHO_INPUT | ENABLE_LINE_INPUT) );

  while(ReadConsoleA( hIn, &ch, 1, &dwRead, NULL) && ch !=RETURN)
    {
       if(ch==BACKSPACE)
         {
            if(password.length()!=0)
              {
                 // Erase the last asterisk on screen and the last character.
                 if(s_asterisk)
                     cout <<"\b \b" << flush;
                 password.resize(password.length()-1);
              }
         }
       else
         {
             password+=ch;
             if(s_asterisk)
                 cout <<'*' << flush;
         }
    }

  // Restore the original console mode so later input is echoed again.
  SetConsoleMode( hIn, con_mode );
  cout << endl;
  return password;
}



int main()
{
  const char *correct_password="fdsidfjsijdsf21128321873";

  // Keep asking until the correct password is entered.
  while(true)
    {
      string password=getpass("Enter the password: ",true);
      if(password==correct_password){
          cout <<"\nCorrect password."<<endl;
          return 0;
      }
      cout <<"\nIncorrect password. Try again.\n"<<endl;
    }
}
Even thought maybe about encrypting data in that file, although I have no idea how to proceed.
What you need is a hash function. A hash function is a one-way function that transforms an arbitrary piece of data (e.g. a string) into a fixed-size piece of data (e.g. exactly four numbers) in such a way that:
1. The same input must always produce the same output.
2. The input that produced a given output must be difficult to guess.
3. It must be difficult to guess two inputs that produce the same output.

For the specific purpose of hashing passwords, another desirable property is that the function should be relatively "difficult" to compute (it should use relatively lots of CPU power and memory). The idea is that when a user tries to log in, they'll cause the function to run once or twice at most, taking a hundredth of a second and using maybe a megabyte of RAM. If an attacker is trying to crack the password, they'll only be able to run it a hundred times per second per core, severely limiting the practicality of the attack.
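
The register and login options from the question, with the file holding a salted, memory-hard hash instead of the password, as the answer suggests. This is an added example, not code from the thread: it uses Python's hashlib.scrypt because the C++ standard library has no password-hashing function, and the per-user salt, the `login:salt:hash` file format, the function names and the cost settings are all assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost settings (values assumed for this example): 128 * n * r bytes,
# i.e. about 16 MiB of memory, must be spent on every single guess.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password, salt):
    """Slow, salted, one-way hash of the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def load_users(path):
    """Read 'login:salt_hex:hash_hex' lines into {login: (salt, hash)}."""
    users = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as f:
            for line in f:
                login, salt_hex, hash_hex = line.rstrip("\n").split(":")
                users[login] = (bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
    return users


def register(path, login, password):
    """Option 1: store login, random salt and hash; never the password."""
    if not login or ":" in login or "\n" in login or login in load_users(path):
        return False
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    with open(path, "a", encoding="utf-8") as f:
        f.write(f"{login}:{salt.hex()}:{hash_password(password, salt).hex()}\n")
    return True


def check_login(path, login, password):
    """Option 2: re-hash the typed password with the stored salt and compare."""
    salt, stored = load_users(path).get(login, (b"\0" * 16, b""))
    candidate = hash_password(password, salt)  # also runs for unknown logins
    return hmac.compare_digest(candidate, stored)  # constant-time comparison
```
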