Question

C and Systems Programming

Part I. Password Strength Meter

Weak passwords are common source of e-mail and social website accounts hacks. To alleviate this problem, pro-grams, often, when the user chooses a new password, determine if it is an adequately strong password. You are to write a function that validates the password strength. The restrictions that we de ne as our de ned level of strength of passwords is the following: the password must be at least eight characters long, and must include at least one uppercase, one lowercase letter, and one digit. The password cannot contain any other characters than letters and numbers. In addition, it must contain at least one string (consecutive letters) of at least four letters long (uppercase letters, lowecase letters, or combination of both). Furthermore, the password should not contain the username (usernames in our login program are not case-sensitive). Remember, failing to write this piece of code in the program correctly may result in accepting weak and vulnerable passwords. Your code helps rejecting such passwords.

bool i s S t r o n g P a s s w o r d ( const char * username , const char * password ) { // TODO : your code goes here .

}

Enter     username : vahab

Enter     new   password : 1234

Your   password    is week . Try       again !

Enter     username : vahab

Enter     new   password : hello

Your   password    is week . Try       again !

Enter     username : vahab

Enter     new   password : 123 v aH aB k7 89

Your   password    is week . Try       again !

Enter     username : vahab

Enter     new    password : m e A c e C S 2 2 1

Strong    password !

Part II. Default Password Generator

In this part, you will write a C function generateDefaultPassword(char* default_password, const char* username) that generates a default password randomly, which will be sent to the user to login. The users may wish to change the default password to a password of their own, which should pass the password strength meter you implemented in Part I. The default password generated by this function will be stored in a char array that the default_password is pointing to. Remember, the caller of this function (aka main()) must declare an array before passing it to this function, in order to avoid segmentation fault issues.

The default password must be created randomly (every character should be chosen randomly and independently from all allowed characters) and must have all the requirements of a strong password the user selects (Part I) except the following:

The default password must not be longer than 15 characters.

The default password may or may not satisfy the four consecutive letters requirement.

Implement a new function called isStrongDefaultPassword(const char* username, const char* password) which checks if the default password is strong based on the new constraints. This function is almost identical to your isStrongPassword() function in Part I, but needs some modi cations based on the default password requirements. In a loop, your program should then keep creating random strings and check if all the password

requirements for the default password are met. Once a compliant password is generated, the loop stops and your program displays the generated password in the following form:

Generating a default password...

Generated default password:       x1B4fxH81I02

void g e n e r a t e D e f a u l t P a s s w o r d ( char * default_password , const char * username ) {

// TODO : your    code   goes   here .

}

While you are limiting the length of your random password to 15 maximum length, remember that the size of your random password must be random as well.

For both parts, you can write as many helper functions of your own as you like, but as for functions not written by you, you may only use strlen, strcmp, strcpy, and strcat from string.h, and any functions de ned in stdbool.h, stdio.h, ctype.h, time.h, and stdlib.h, only. Your three functions must do exactly as speci ed in this project. You must include all your code relevant to these three functions inside the functions itself. That means, your code must contain these three functions, with the exact function signatures. Your code must compile and run correctly on the Linux lab machines. If we cannot compile your code on the lab machines, you will receive no credit. A small portion of your project grade (5%) is reserved for good code style and adequate comments. While good code style includes many elements, in this class we only grade your projects on suitable variable name choice and indentation.

Here is code for part 1

/**
*
* A password strength meter and a default password generator,
* as defined in the CS221 course website for Project 1.
*
*/

bool isStrongPassword(const char * username, const char * password) {
   //TODO: your code goes here.
   return false;
}

/**
* Example: isStrongDefaultPassword("vahab", "Taher3h") returns false
*/
bool isStrongDefaultPassword(const char* username, const char* password) {
   //TODO: your code goes here.  
   return false;
}

/**
* This function may *not* call isStrongPassword().
* This function must call isStrongDefaultPassword().
*/
void generateDefaultPassword(char * default_password, const char * username) {
   //TODO: your code goes here.  
}

int main(void)
{
   //TODO: your code goes here.
   return 0;
}

Answer 1

Working code implemented in C and appropriate comments provided for better understanding.

Source Code for PasswordStrengthMeter.c:

#include <stdio.h>
#include <stdbool.h>
#include <string.h>

bool containsUsername(char* username,char* password, int i){
if (password[i] != username[0]) return false;
else
{ // if c is the same as first letter of username
i++;
bool contains = true;
int j=1;
while (j<strlen(username)){
char charusername=username[j];
char charpassword=password[i];
if (charusername == charpassword){j++;i++;}
else return false;
}
return true;
}
}

bool isValidChar(char c){
if (c<'0'||(c>'9'&&c<'A')||(c>'Z'&&c<'a')||c>'z'){
printf("detected non-alphanumeric character");
return false;
}
else return true;
}

bool isUpper(char c){
if (c>='A'&&c<='Z') return true;
else return false;
}

bool isLower(char c){
if (c>='a'&&c<='z') return true;
else return false;
}

bool isDigit(char c){
if (c>='0'&&c<='9') return true;
else return false;
}

bool isStrongPassword (char username[] , char* password){
// check if password is at least 8 characters long
if (strlen(password)<8){
printf("Password is too short.\n");
return false;
}

int consecutive = 0;
bool hasUpper,hasLower,hasDigit = false;
bool atLeastFourConsec = false;

// iterate through every single char in password
for (int i=0;i<strlen(password);i++){
char c = password[i];

if (containsUsername(username, password,i)){
printf("password contains username. try again.\n");
return false;
}

// check for invalid char
if (!isValidChar(c)) return false;
else if (isUpper(c)) {hasUpper = true; consecutive++;}
else if (isLower(c)) {hasLower = true; consecutive++;}
else if (isDigit(c)) {hasDigit=true; consecutive = 0;}

if(consecutive>=4) atLeastFourConsec = true;
}

if (!hasUpper||!hasLower||!hasDigit) {
printf("you need to have one upper one lower and one digit.\n");
return false;
}
else if (!atLeastFourConsec) {
printf("You need at least four consecutive letters.");
return false;
}

else return true;
  
}
bool isStrongDefaultPassword (char username[] , char* password){
// check if password is at least 8 characters long
if (strlen(password)<8){
return false;
}

bool hasUpper,hasLower,hasDigit = false;

// iterate through every single char in password
for (int i=0;i<strlen(password);i++){
char c = password[i];

if (containsUsername(username, password,i)){
return false;
}

// check for invalid char
if (!isValidChar(c)) return false;
else if (isUpper(c)) hasUpper = true;
else if (isLower(c)) hasLower = true;
else if (isDigit(c)) hasDigit=true;
}

if (!hasUpper||!hasLower||!hasDigit) {
return false;
}

else return true;
  
}

void generateDefaultPassword(char default_password[], char username[]){
printf("Generating a default password...\n");
srand(time());
int length = rand()%7+8; //random passworld length between 8 and 15
for (int i=0;i<length;i++){
char randChar = rand()%74+48;
while (!isUpper(randChar)&!isLower(randChar)&!isDigit(randChar)){
randChar = rand()%74+48;
}
default_password[i] = randChar;
}
if (isStrongDefaultPassword(username,default_password)){
printf("Generated default password: %s\n",default_password);
}
else {
while (!isStrongDefaultPassword(username,default_password)) {
printf("The FAILED randomly generated default password is: %s\n",default_password);
sleep(1); // sleep for a second so srand(time()) has a different seed
generateDefaultPassword(default_password,username);
}
}
}

int main(void) {
// Part 1
char username[99];
char password[99];
bool secured = false;
while (!secured){

printf("Enter username: \n");
scanf("%s",username);
printf("Enter new password: \n");
scanf("%s",password);
if (!isStrongPassword(username,password)){
printf("Your password is weak! Try again.\n");
}
else {
printf("Strong password. %s\n",password);
secured = true;
}
}

printf("---------------------------------\n");

// Part2
char default_password[16] = "";
generateDefaultPassword(default_password, username);

return 0;
}