-
July 11th, 2005, 10:11 AM
#1
C++ //Password protection on entry
Hi,
I have only just started programming in C++, so please bear with me, but after reading quite a lot over the weekend, I managed to make a simple yet "imperfect" password protection on entry to a program, similar to a login. Here is my code:
Code:
#include <iostream>
//An attempt at password protection
//By J_K9 -- 10/07/2005
int main()
{
    const int passwd = 13579;
    int input_passwd;
    std::cout << "Please enter your password: ";
    std::cin >> input_passwd;
    if (input_passwd == passwd)
        std::cout << "\nEnter!\n";
    else
        std::cout << "\nSorry! Wrong password!\n";
    return 0;
}
I have compiled this and I know it works. Then I decided that I wanted an alpha-numeric password, but I had an odd complaint from g++ when I tried replacing the "int" values with "char", and changing the passwd to "lycrolite" (including speech marks). My code can be found here. The error I received was:
Code:
jk9@ubuntu:~/CPP/000my_stuff/pass_prot2$ g++ passprot2.cpp
passprot2.cpp: In function `int main()':
passprot2.cpp:8: error: invalid conversion from `const char*' to `char'
I didn't understand what the problem was, as I had checked and rechecked the code and it seemed flawless, but then I asked a member of another forum and he told me that I needed to use either string classes or character arrays, and he rewrote it as it should be (his code can be found here).
I will read up on string classes and character arrays, but can I just quickly ask what that did, and why his works whereas mine doesn't? In the book I'm currently learning C++ from (SANS Teach Yourself C++ in 24 Hours, because "Accelerated C++" hasn't arrived yet in the post) it didn't mention the "string" value, which I actually used to use a lot with BASIC variables. I thought that from the information provided in the book, the only values allowed for strings were "char" and "float", but obviously "string" also exists... Yet, why do you need to "#include string"? Does this mean that "string" is not a variable type? Please teach me what's going on! Thank you!
J_K9
P.S Is it possible to decompile an a.out file so that you can see the original source code? I don't think so but I just want to check, because if not that would really defeat the purpose of my code!
-
July 11th, 2005, 10:27 AM
#2
Just a hint pointers and pointers to char..
Try using strncmp to compare two strings.. Don't use ==.
Don't be tempted to use strcmp either..
One other thing to note.. It will take a "cracker" about 5 seconds to learn your password..
Oliver's Law:
Experience is something you don't get until just after you need it.
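The comparison pitfalls behind the hint above, shown as an added example that is not part of the original posts. The function names are illustrative, and the sample password is the one quoted in the thread.

```cpp
#include <cstring>
#include <string>

// Sample secret from the thread's second attempt. A single char cannot hold
// it, which is what the g++ error in post #1 says: the literal is an array
// of characters that decays to const char*.
static const char kExpected[] = "lycrolite";

// Pitfall 1: == on two char pointers compares addresses, not contents,
// so a correctly typed password in another buffer never matches.
bool compare_pointers(const char* input) {
    return input == kExpected;
}

// Pitfall 2: bounding strncmp by strlen(expected) only checks a prefix,
// so "lycroliteXYZ" is accepted.
bool compare_prefix_only(const char* input) {
    return std::strncmp(input, kExpected, std::strlen(kExpected)) == 0;
}

// Bounded and exact: sizeof(kExpected) counts the terminating 0, so the
// input has to end exactly where the expected string ends.
bool compare_bounded(const char* input) {
    return std::strncmp(input, kExpected, sizeof(kExpected)) == 0;
}

// std::string is a class type declared in <string>, not a built-in type;
// its operator== compares length and contents.
bool compare_string(const std::string& input) {
    return input == kExpected;
}
```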
-
July 11th, 2005, 10:33 AM
#3
One other thing to note.. It will take a "cracker" about 5 seconds to learn your password..
Lol thought so...that's why I said I thought it might be imperfect(ly insecure)
So....OK now I'm really confused...String classes (is "string" a variable type?)? Character arrays? Pointers? Strncmp/strcmp? lol. Which one should I use to do something like this, and why? Also, how would a cracker be able to crack it so quickly? (i.e Is it possible to decompile an a.out/.exe file?). Cheers,
J_K9
-
July 11th, 2005, 10:38 AM
#4
Originally posted here by J_K9
Also, how would a cracker be able to crack it so quickly? (i.e Is it possible to decompile an a.out/.exe file?)
Yes, it's possible to decompile an executable.. But there's no need.. Your strings are easily readable in the executable.. A simple strings command (man strings) on your executable will reveal these..
IIRC a "string" is nothing more than an array of characters..
Oliver's Law:
Experience is something you don't get until just after you need it.
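Why a password literal compiled into a program is not a secret, shown as an added example that is not part of the original posts. It reimplements the core of what the strings utility reports and runs it over a constructed byte buffer standing in for an executable; the function names and the sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Return every run of at least min_len printable ASCII characters,
// which is the core of what the strings utility reports.
std::vector<std::string> printable_runs(const std::string& image,
                                        std::size_t min_len = 4) {
    std::vector<std::string> runs;
    std::string current;
    for (unsigned char c : image) {
        if (c >= 0x20 && c <= 0x7e) {
            current.push_back(static_cast<char>(c));
        } else {
            if (current.size() >= min_len) runs.push_back(current);
            current.clear();
        }
    }
    if (current.size() >= min_len) runs.push_back(current);
    return runs;
}

// Constructed stand-in for an executable image: a few non-text bytes
// followed by the 0-terminated literals a compiler stores alongside the
// code. Not taken from a real binary.
std::string sample_image() {
    const char raw[] =
        "\x7f" "ELF\x02\x01\x01\x00\x00\x00\x10\x00\x3e\x00"
        "Please enter your password: \0"
        "lycrolite\0"
        "\nSorry! Wrong password!\n\0";
    return std::string(raw, sizeof(raw) - 1);
}

// True when the secret appears verbatim among the recovered runs.
bool literal_is_recoverable(const std::string& secret) {
    for (const std::string& run : printable_runs(sample_image()))
        if (run == secret) return true;
    return false;
}
```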
-
July 11th, 2005, 10:42 AM
#5
Hi
As so often, there are several ways to accomplish what you want.
In pure c++, you often use the c++-stream I/O (iostream)-way[1]
to read in a bunch of characters (call it "string") by
Code:
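#include <iostream>
#include <iomanip>   // std::setw
char buffer[1024];
// read one line, at most sizeof(buffer)-1 characters
std::cin.getline(buffer, sizeof(buffer));
or
// read one word; setw(1024) limits it to 1023 characters plus the delimiter
std::cin >> std::setw(1024) >> buffer;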
A buffer is a small portion in the memory. By the above procedure,
you read in a couple of chars, until you hit enter. Assume, you read
in 4 chars "ABCD":
Code:
buffer[0]='A';
buffer[1]='B';
buffer[2]='C';
buffer[3]='D';
buffer[4]=0;
The last entry, buffer[4]=0, is a "delimiter". If such a delimiter is set,
the buffer can be interpreted as a "string". With this object, you then
can make use of the string-functions, like strncpy, which are declared
in <string> (there, also the new data type string of the standard
template library is defined)[2].
As per your P.S.: Yes, it is possible to "decompile" your a.out file - actually,
you disassemble it - see the crackit-challenge[3] by lepricaun. In case you
succeed in implementing the string-version of your password program: It
is even possible with an ordinary hex-editor (or even `cat`) to "crack"
your password protection.
Cheers.
[1] http://tutorials.programmingsite.co.uk/cppgetline.php
[2] http://www.bgsu.edu/departments/comp...cs/string.html
[3] http://www.antionline.com/showthread...hreadid=262718
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
July 11th, 2005, 10:42 AM
#6
Oh yes of course, just search it for strings....gosh can't believe I forgot that! So what about the other stuff SirDice? Like the string stuff (which I'm extremely confused about, because it was declared in "#include <string>", meaning it's not a variable type, yet it was still assigned to a variable as a type), character arrays, pointers, strncmp/strcmp? You don't need to explain them all, I'll research the rest myself, but please could you say which one I would use if I were writing a professional program, and which one any random cracker could get without breaking a sweat? Thanks for everything so far!
edit: Wow thanks sec_ware, sorry I didn't see your post as I was already replying to SirDice's! In your case (i.e the buffer case), I'm guessing that we would still have to declare the constant to which the variable is going to verify the password, so technically a cracker can crack the password fairly easily, no matter which method we use? Also, do you know of any Linux equivalents of hiew? Thanks,
J_K9