Lists - Assignment 3

CSCI 135
Fundamentals of Computer Science I
Fall 2019

LAB ASSIGNMENT 3

In this assignment, you will get experience using one-dimensional lists.

Password Challenge-Response
Traditional password entry schemes are susceptible to "shoulder surfing" in which an attacker watches an unsuspecting user enter his or her password or PIN number and uses it later to gain access to the account. One way to combat this problem is with a randomized challenge-response system. In these systems the user enters different information every time based on a secret in response to a randomly generated challenge.

Consider the following scheme in which the password consists of a five-digit PIN number (00000 to 99999). Each possible digit is assigned a random number that is 1, 2, or 3. The user enters the random digits that correspond to their PIN instead of their actual PIN numbers.

For example, consider an actual PIN number of 12345. To authenticate, the user would be presented with a screen such as:

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3

The user would enter 23113 instead of 12345. This doesn't divulge the password even if an attacker intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439. The next time the user logs in, a different sequence of random numbers would be generated, such as:

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 3 3 3

Write a program to simulate the authentication process. Store an actual PIN number in your program. The program should use a list to assign random numbers from 1 to 3 to the digits from 0 to 9. Output the random digits and their correspondence to actual digits to the screen as shown above, get the input response from the user, and then output whether or not the user's response correctly matches the PIN number.

For the purposes of this program, use the "actual" PIN number of 56789.You can store this in a list: [5, 6, 7, 8, 9]. Name this program Password.py The output on the screen should look like the following. In this first run, the user entered the converted password incorrectly.

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 2 1 2 3 3 2 3 1 3 1

Please enter your converted password: 23133
Incorrect.

In this run, the user entered the correct converted password.

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 1 3 2 1 1 2 2 3 3

Please enter your converted password: 12233
Correct.

FAQs:

How do I get user input? The function input() can be used. Remember that input, whether from the command line or a user comes in as a string, so you will need to convert it to an integer at some point. For example:

x = int(input("Please enter a number: "))

will get input from the user (and give them the instruction to "Please enter a number"), convert it to an integer, and store the result in the variable x.

Um. How do I extract individual digits from the 5 digit PIN that the user enters? Recall that thenumbers have two division type operators. The % operator gives you the remainder of a division operation. So if my entered PIN number is 12233, 12233 % 10 would give me the number 3, thus it extracts the last digit in the number. The division operator, /, returns the result of the division, so 12233 / 10 results in 1223.3. You will need to convert this value back into an integer using the int() conversion. You can use a for loop to extract the digits one by one in this way.

How do I get random integers between 1 and 3? You will need to import random prior to trying to run any of its functions, and then you would use the random.randint() function, as below:

import random
 ...
 x = random.randint(1,3)

There's a lot to this program. How do I get started? Read the problem carefully and write down what steps you need to do. The first thing might be to define the list that the "actual" PIN is stored in. Next you might want to define the list that stores the random digits from 1 to 3 that are associated with each real digit so that you can display it to the user. Then get the user input, convert it into single digits, and check to see if each digit matches the correct entry in the random number list. I would suggest that you write code to do each piece of the problem in sequence and test (by printing out intermediate results) to make sure it is correct before moving on to code for the next piece. When I get to a tricky part of the problem, I find it helpful to draw pictures to see just what values are in which list. This helps me to think about how I would access different lists.

Grading The lab assignment is worth 30 points. You will be graded according to the following criteria:

Grade Item Password Points Earned

Program Compiles and Runs
4

Header Comment
4

Programming Style
4

Assigns Random Digit Values in a List
6

Allows Interactive User Input
4

Checks Password Correctly
8

Grade Item	Password	Points Earned
Program Compiles and Runs	4
Header Comment	4
Programming Style	4
Assigns Random Digit Values in a List	6
Allows Interactive User Input	4
Checks Password Correctly	8

Submission. Submit your program Password.py via Moodle under the Lab 3: Lists dropbox. Be sure each submitted source file has the required header with your name, and a description of the program.

Page last updated: September 18, 2019