Computer Science Department
CSCI 135
Password Challenge-Response
Traditional password entry schemes are susceptible to "shoulder surfing" in which an attacker watches an unsuspecting user enter his or her password or PIN number and uses it later to gain access to the account. One way to combat this problem is with a randomized challenge-response system. In these systems the user enters different information every time based on a secret in response to a randomly generated challenge.
Consider the following scheme in which the password consists of a five-digit PIN number (00000 to 99999). Each possible digit is assigned a random number that is 1, 2, or 3. The user enters the random digits that correspond to their PIN instead of their actual PIN numbers.
For example, consider an actual PIN number of 12345. To authenticate, the user would be presented with a screen such as:

    PIN: 0 1 2 3 4 5 6 7 8 9
    NUM: 3 2 3 1 1 3 2 2 1 3

The user would enter 23113 instead of 12345. This doesn't divulge the password even if an attacker intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439. The next time the user logs in, a different sequence of random numbers would be generated, such as:

    PIN: 0 1 2 3 4 5 6 7 8 9
    NUM: 1 1 2 3 1 2 2 3 3 3

Write a program to simulate the authentication process. Store an actual PIN number in your program. The program should use a list to assign random numbers from 1 to 3 to the digits from 0 to 9. Output the random digits and their correspondence to actual digits to the screen as shown above, get the input response from the user, and then output whether or not the user's response correctly matches the PIN number.

    PIN: 0 1 2 3 4 5 6 7 8 9
    NUM: 2 1 2 3 3 2 3 1 3 1
    Please enter your converted password: 23133
    Incorrect.

In this run, the user entered the correct converted password:

    PIN: 0 1 2 3 4 5 6 7 8 9
    NUM: 3 1 3 2 1 1 2 2 3 3
    Please enter your converted password: 12233
    Correct.

FAQs:

    x = int(input("Please enter a number: "))

will get input from the user (and give them the instruction to "Please enter a number"), convert it to an integer, and store the result in the variable x.

    import random
    ...
    x = random.randint(1,3)

There's a lot to this program. How do I get started?

Read the problem carefully and write down what steps you need to do. The first thing might be to define the list that the "actual" PIN is stored in. Next you might want to define the list that stores the random digits from 1 to 3 that are associated with each real digit so that you can display it to the user. Then get the user input, convert it into single digits, and check to see if each digit matches the correct entry in the random number list. I would suggest that you write code to do each piece of the problem in sequence and test (by printing out intermediate results) to make sure it is correct before moving on to code for the next piece. When I get to a tricky part of the problem, I find it helpful to draw pictures to see just what values are in which list. This helps me to think about how I would access different lists.
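
The scheme described above in code, as an added example that is not part of the original assignment page: it checks a response against a stored PIN and counts how many PINs remain consistent with what an observer has seen, using the page's two challenge tables and its example PIN 12345. It goes beyond the page's single-login case by combining two logins; the function names and the use of `secrets` in place of `random.randint` are choices made for this example.

```python
import hmac
import secrets
from math import prod

# The two challenge tables shown on the page (index = PIN digit, value = NUM).
TABLE_1 = [3, 2, 3, 1, 1, 3, 2, 2, 1, 3]
TABLE_2 = [1, 1, 2, 3, 1, 2, 2, 3, 3, 3]
PIN = "12345"  # the page's example PIN


def make_challenge():
    """Assign a random number 1..3 to each digit 0..9.
    Assumption: secrets replaces the random.randint(1, 3) from the lab hint."""
    return [secrets.randbelow(3) + 1 for _ in range(10)]


def expected_response(pin, challenge):
    """Translate each PIN digit through the challenge table."""
    return "".join(str(challenge[int(d)]) for d in pin)


def verify(pin, challenge, response):
    """Constant-time comparison of the typed response with the expected one."""
    return hmac.compare_digest(expected_response(pin, challenge).encode(),
                               response.strip().encode())


def candidate_digits(observations):
    """Per position, the digits consistent with every (challenge, response) pair."""
    length = len(observations[0][1])
    sets = [set(range(10)) for _ in range(length)]
    for challenge, response in observations:
        for pos, typed in enumerate(response):
            sets[pos] &= {d for d in range(10) if str(challenge[d]) == typed}
    return sets


def remaining_pins(observations):
    """Number of five-digit PINs still consistent with all observations."""
    return prod(len(s) for s in candidate_digits(observations))


if __name__ == "__main__":
    first = (TABLE_1, expected_response(PIN, TABLE_1))   # "23113"
    second = (TABLE_2, expected_response(PIN, TABLE_2))
    print("after one session: ", remaining_pins([first]))
    print("after two sessions:", remaining_pins([first, second]))
```

One observed login leaves 432 candidate PINs (69440 and 70439 among them), but the two tables shown above taken together leave only 8, so the protection weakens with each login an observer sees.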
Grading

The lab assignment is worth 30 points. You will be graded according to the following criteria:

Grade Item | Password | Points Earned |
---|---|---|
Program Compiles and Runs | 4 | |
Header Comment | 4 | |
Programming Style | 4 | |
Assigns Random Digit Values in a List | 6 | |
Allows Interactive User Input | 4 | |
Checks Password Correctly | 8 | |
Page last updated: September 18, 2019