Array,
Hello All,
So just to make it clear I don't want anyone to do my homework for me. I'm just looking for some much needed guidance. Here's the question:
"Traditional password entry schemes are susceptible to “shoulder surfing” in which an
attacker watches an unsuspecting user enter their password or PIN number and uses it
later to gain access to the account. One way to combat this problem is with a randomized
challenge response system. In these systems, the user enters different information every
time based on a secret in response to a randomly generated challenge. Consider the
following scheme in which the password consists of five-digit PIN number (00000 to 99999).
Each digit is assigned a random number that is 1, 2, or 3. Use the rand function. The user
enters the random numbers that correspond to their PIN instead of their actual PIN
numbers.
For example, consider an actual PIN number of 12345. To authenticate your program
should display the PIN and NUM as follows:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3
The user would enter 23113 instead of 12345. This does not divulge the password even if an
attacker intercepts the entry because 23113 could correspond to other PIN numbers, such
as 69440 or 70439. The next time the user logs in, a different sequence of random numbers
would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 2 3 3
Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Display the random digits on the screen, input the answer from the user, and display whether or not the user's response correctly matches the PIN
"
The main problem I'm having is figuring out how to authenticate the entered PIN from the user with the stored PIN. Since the numbers they enter will change everytime.
I have no code relating to this matter, so nothing worth while to post. Just looking for what I should use. (I'm in a very begining CS class so nothing too advanced)
Thank you all so much!
So just to make it clear I don't want anyone to do my homework for me. I'm just looking for some much needed guidance. Here's the question:
"Traditional password entry schemes are susceptible to “shoulder surfing” in which an
attacker watches an unsuspecting user enter their password or PIN number and uses it
later to gain access to the account. One way to combat this problem is with a randomized
challenge response system. In these systems, the user enters different information every
time based on a secret in response to a randomly generated challenge. Consider the
following scheme in which the password consists of five-digit PIN number (00000 to 99999).
Each digit is assigned a random number that is 1, 2, or 3. Use the rand function. The user
enters the random numbers that correspond to their PIN instead of their actual PIN
numbers.
For example, consider an actual PIN number of 12345. To authenticate your program
should display the PIN and NUM as follows:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3
The user would enter 23113 instead of 12345. This does not divulge the password even if an
attacker intercepts the entry because 23113 could correspond to other PIN numbers, such
as 69440 or 70439. The next time the user logs in, a different sequence of random numbers
would be generated, such as:
PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 2 3 3
Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Display the random digits on the screen, input the answer from the user, and display whether or not the user's response correctly matches the PIN
"
The main problem I'm having is figuring out how to authenticate the entered PIN from the user with the stored PIN. Since the numbers they enter will change everytime.
I have no code relating to this matter, so nothing worth while to post. Just looking for what I should use. (I'm in a very begining CS class so nothing too advanced)
Thank you all so much!
Last edited on
1. Create NUM translation table as assigment asks you.
2. Replace digits in PIN with corresponding in NUM (save it as NEW_PIN to avoid overwriting)
3. Compare NEW_PIN with string entered by user.
Example (
2. Replace digits in PIN with corresponding in NUM (save it as NEW_PIN to avoid overwriting)
3. Compare NEW_PIN with string entered by user.
Example (
|
|
Last edited on
Either convert entered string to array of numbers:
Or modify code to store c-string in NEW_PIN and compare it with entered one:
|
|
Or modify code to store c-string in NEW_PIN and compare it with entered one:
|
|
Please, do not remove question after you get an answer. It is rude to other users which have similar problem and makes hard to search forum.
Original OP post:
Original OP post:
| pipeline1 wrote: |
|---|
| Hello All, So just to make it clear I don't want anyone to do my homework for me. I'm just looking for some much needed guidance. Here's the question: "Traditional password entry schemes are susceptible to “shoulder surfing” in which an attacker watches an unsuspecting user enter their password or PIN number and uses it later to gain access to the account. One way to combat this problem is with a randomized challenge response system. In these systems, the user enters different information every time based on a secret in response to a randomly generated challenge. Consider the following scheme in which the password consists of five-digit PIN number (00000 to 99999). Each digit is assigned a random number that is 1, 2, or 3. Use the rand function. The user enters the random numbers that correspond to their PIN instead of their actual PIN numbers. For example, consider an actual PIN number of 12345. To authenticate your program should display the PIN and NUM as follows: PIN: 0 1 2 3 4 5 6 7 8 9 NUM: 3 2 3 1 1 3 2 2 1 3 The user would enter 23113 instead of 12345. This does not divulge the password even if an attacker intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439. The next time the user logs in, a different sequence of random numbers would be generated, such as: PIN: 0 1 2 3 4 5 6 7 8 9 NUM: 1 1 2 3 1 2 2 2 3 3 Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Display the random digits on the screen, input the answer from the user, and display whether or not the user's response correctly matches the PIN " The main problem I'm having is figuring out how to authenticate the entered PIN from the user with the stored PIN. Since the numbers they enter will change everytime. I have no code relating to this matter, so nothing worth while to post. Just looking for what I should use. (I'm in a very begining CS class so nothing too advanced) Thank you all so much! |
oh my mistake! I thought it would be nice to clear the forum after I finished with it. Didn't even think about that! My apologies!
@MiiNiPaa
I'm struggling with the same problem. I took your advice and broke the pin into an array of numbers and tried to verify them that way. However, when I wanted to do the same thing with the pin they reentered a run into a wall. Here is what I have.
It seems to me like it should work, however, each part of pinReStore comes out as 0x28fe94. I have pinRenter set as a char and pinReStore set as an int, just as you did in the above example. Can you see what's wrong?
I'm struggling with the same problem. I took your advice and broke the pin into an array of numbers and tried to verify them that way. However, when I wanted to do the same thing with the pin they reentered a run into a wall. Here is what I have.
|
|
It seems to me like it should work, however, each part of pinReStore comes out as 0x28fe94. I have pinRenter set as a char and pinReStore set as an int, just as you did in the above example. Can you see what's wrong?
Last edited on
I actually figured out what I did and no longer am using that. I instead used your advise and I'm using the strcmp(). Working great. Thanks
Topic archived. No new replies allowed.