- Forum
- General C++ Programming
- c++ help
c++ help
Traditional password entry schemes are susceptible to “shoulder surfing” in which an attacker watches
an unsuspecting user enter their password or PIN number and uses it later to gain access to the account.
One way to combat this problem is with a randomized challenge-response system. In these systems, the
user enters different information every time based on a secret in response to a randomly generated
challenge.
Consider the following scheme in which the password consists of a five-digit PIN number (00000 to
99999). Each digit is assigned a random number that is 1, 2, or 3. The user enters the random numbers
that correspond to their PIN instead of their actual PIN numbers.
For example, consider an actual PIN number of 12345. To authenticate the user would be presented
with a screen such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 1
The user would enter 23113 instead of 12345. This doesn’t divulge the password even if an attacker
intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439.
The next time the user logs in, a different sequence of random numbers would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 3 3 1
Your program should simulate the authentication process. Store an actual PIN number of length 5 in
your program. The program should use an array to assign random numbers to the digits from 0 to 9.
Output the random digits to the screen, input the response from the user, and output whether or not the
user’s response correctly matches the PIN number.
You can get a random number by calling the function rand, which will return an integer in the range 0
to RAND_MAX (32767) or higher. Usually, a number between 0 and RAND_MAX is not. what is
desired, in which case the random number can be scaled by modulus and addition. For example, to
generate random number from 1 to 3 you could use the following:
srand(time(0));
int r = (rand() % 3) + 1;
The use requires you to include the following libraries.
#include <cstdlib>
#include <ctime>
an unsuspecting user enter their password or PIN number and uses it later to gain access to the account.
One way to combat this problem is with a randomized challenge-response system. In these systems, the
user enters different information every time based on a secret in response to a randomly generated
challenge.
Consider the following scheme in which the password consists of a five-digit PIN number (00000 to
99999). Each digit is assigned a random number that is 1, 2, or 3. The user enters the random numbers
that correspond to their PIN instead of their actual PIN numbers.
For example, consider an actual PIN number of 12345. To authenticate the user would be presented
with a screen such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 1
The user would enter 23113 instead of 12345. This doesn’t divulge the password even if an attacker
intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439.
The next time the user logs in, a different sequence of random numbers would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 3 3 1
Your program should simulate the authentication process. Store an actual PIN number of length 5 in
your program. The program should use an array to assign random numbers to the digits from 0 to 9.
Output the random digits to the screen, input the response from the user, and output whether or not the
user’s response correctly matches the PIN number.
You can get a random number by calling the function rand, which will return an integer in the range 0
to RAND_MAX (32767) or higher. Usually, a number between 0 and RAND_MAX is not. what is
desired, in which case the random number can be scaled by modulus and addition. For example, to
generate random number from 1 to 3 you could use the following:
srand(time(0));
int r = (rand() % 3) + 1;
The use requires you to include the following libraries.
#include <cstdlib>
#include <ctime>
Start at the beginning.
Have a go at that. Show us how you get on. Then do the next step.
| Store an actual PIN number of length 5 in your program |
Have a go at that. Show us how you get on. Then do the next step.
int NUM[10];
int PIN[5];
int PIN_NEW[5];
for(int i = 0; i < 5; ++i) {
int digit = PIN[i];
PIN_NEW[i] = NUM[digit];
}
int PIN[5];
int PIN_NEW[5];
for(int i = 0; i < 5; ++i) {
int digit = PIN[i];
PIN_NEW[i] = NUM[digit];
}
That simply doesn't work.
So when you finish, PIN_NEW[i] contains unknown values from −9,223,372,036,854,775,808 to +9,223,372,036,854,775,807 , or the program has crashed. I suspect crashed.
Here's how you could have done it.
Anyway, next piece.
You need an array of size ten, containing only the numbers 1, 2 and 3.
The simple C random number generator is awful but fine for this. I suggest you write a little function that gives you a random number from 1 to 3, and then call it ten times, each time storing the return value in the array of size ten you made.
http://www.cplusplus.com/reference/cstdlib/rand/
http://www.cplusplus.com/reference/cstdlib/srand/
|
|
So when you finish, PIN_NEW[i] contains unknown values from −9,223,372,036,854,775,808 to +9,223,372,036,854,775,807 , or the program has crashed. I suspect crashed.
Here's how you could have done it.
|
|
Anyway, next piece.
| The program should use an array to assign random numbers to the digits from 0 to 9. |
You need an array of size ten, containing only the numbers 1, 2 and 3.
The simple C random number generator is awful but fine for this. I suggest you write a little function that gives you a random number from 1 to 3, and then call it ten times, each time storing the return value in the array of size ten you made.
http://www.cplusplus.com/reference/cstdlib/rand/
http://www.cplusplus.com/reference/cstdlib/srand/
Last edited on
Topic archived. No new replies allowed.