Securecoding lab 1 - archie-archana/securecodinglab GitHub Wiki
Q 1: Write a C Program to authenticate a user using username and password. Have a list of 5 usernames and passwords in an array. If the entered username and password matches with the username / password combination in the array, then print as “Authentication Successful” else print “Authentication failed , try again”. The user is permitted to enter the wrong password only 3 times. If the user exceeds the limit, then print “Limit exceeded. Try later”.
#include <stdio.h> #include <string.h>
int main() { char username[5][100]={ "username1","username2","username3","username4","username5", }; char password[5][100]={ "password1","password2","password3","password4","password5" };
int flag=0; int noofelements=5; int noofattempts=3; int currentattempts=0; while(currentattempts < noofattempts) { printf("\n attempt %d\n",(currentattempts + 1)); flag=0; char Username[100], Password[100]; printf("enter username:"); scanf("%[^\n]%*c",Username); printf("enter password:"); scanf("%[^\n]%*c",Password);
for (int i=0;i<noofelements;i++){
//strcmp(password[i],Password);
if (
strcmp(username[i],Username)==0 &&
strcmp (password[i],Password)==0)
{
flag=1;
break;
}
}
if (flag == 1){
printf("Authentication successfull");
break;
}
else {
printf("Authentication failed");
}
currentattempts++;
} if (flag==0){
printf("\n Limit exceed");
} return 0; }
Output:
Q 2: Write a C program to create a password strength meter. A password is said to be strong if it is at least 8 characters long and contains at least one lowercase character, one uppercase character, one special character ( !@#$%^&*()) and one digit. The program should obtain a password string from the user and compute the password strength (in percentage) based on the 5 criteria listed above for strong passwords.
#include <stdio.h> #include <string.h> #include <stdbool.h>
bool has_lowercase(const char *password) { for (int i = 0; password[i] != '\0'; i++) { if (password[i] >= 'a' && password[i] <= 'z') { return true; } } return false; }
bool has_uppercase(const char *password) { for (int i = 0; password[i] != '\0'; i++) { if (password[i] >= 'A' && password[i] <= 'Z') { return true; } } return false; }
bool has_special_character(const char password) { for (int i = 0; password[i] != '\0'; i++) { char ch = password[i]; if (ch == '!' || ch == '@' || ch == '#' || ch == '$' || ch == '%' || ch == '^' || ch == '&' || ch == '') { return true; } } return false; }
bool has_digit(const char *password) { for (int i = 0; password[i] != '\0'; i++) { if (password[i] >= '0' && password[i] <= '9') { return true; } } return false; }
int main() { char password[100]; printf("Enter your password: "); scanf("%s", password);
int criteria_count = 0;
if (strlen(password) >= 8) {
criteria_count++;
}
if (has_lowercase(password)) {
criteria_count++;
}
if (has_uppercase(password)) {
criteria_count++;
}
if (has_special_character(password)) {
criteria_count++;
}
if (has_digit(password)) {
criteria_count++;
}
float strength = (criteria_count / 5.0) * 100;
printf("Password strength: %.2f%%\n", strength);
return 0;
}
Output:
Q3. Write a C program to generate strong passwords of a length specified by the user.
#include <stdio.h> #include <string.h> #include <stdlib.h> #include <time.h>
char ranchar() { const char charSet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()"; return charSet[rand() % (sizeof(charSet) - 1)]; } int main() { int pwordlen; printf("Enter the desired password length:"); scanf("%d",&pwordlen);
// Seed the random number generator with the current time, changes every time it runs.. srand(time(NULL)); char password[100]; for (int i = 0; i<pwordlen; i++) { password[i] = ranchar(); } password[pwordlen] = '\O'; printf("Generated strong password: %s\n", password); return 0;
}
