Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Fix my program

Reply
Thread Tools

Fix my program

 
 
CBFalconer
Guest
Posts: n/a
 
      03-05-2008
Nomen Nescio wrote:
>
> Hello, for an assignment I need to protect my files with a
> password. Can anyone please tell me why my C/C++ program is
> not working?!!
>
> void main() {
> char password[40];


The above line is unique. Apart from lines with only a lone '}',
it is the only line in the program without an obvious error.

> fflush(stdin);
> password = gets(NULL);
> if (password != "november13") {
> 10 PRINT "INVALID PASSWORD"
> 20 BEEP
> 30 GOTO 10
> }
> }



--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home.att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

 
Reply With Quote
 
 
 
 
Thad Smith
Guest
Posts: n/a
 
      03-06-2008
Bartc wrote:
> Mark Wooding wrote:
>> Nomen Nescio <(E-Mail Removed)> wrote:
>>
>>> if (password != "november13") {

>> It's probably worth pointing out that you can improve security by
>> hashing the passwords. You should probably replace the above with
>> something like
>>
>> if (strcmp(sha384(password), sha384("november13"))) { ... }

>
> Wouldn't "november13" still exist in the executable? Unless sha384 is some
> clever macro?


When <sha384.h> is included, sha384() computes the hash of the string
literal at compile time, but the hash of password at run time, since it
points to a run-time variable.

--
Thad
(Apply NaCl, 1 grain, pro re nata)
 
Reply With Quote
 
 
 
 
Sebastian G.
Guest
Posts: n/a
 
      03-06-2008
Thad Smith wrote:

> Bartc wrote:
>> Mark Wooding wrote:
>>> Nomen Nescio <(E-Mail Removed)> wrote:
>>>
>>>> if (password != "november13") {
>>> It's probably worth pointing out that you can improve security by
>>> hashing the passwords. You should probably replace the above with
>>> something like
>>>
>>> if (strcmp(sha384(password), sha384("november13"))) { ... }

>> Wouldn't "november13" still exist in the executable? Unless sha384 is some
>> clever macro?

>
> When <sha384.h> is included, sha384() computes the hash of the string
> literal at compile time, but the hash of password at run time, since it
> points to a run-time variable.



A optimizing compiler may decide to not optimize away any sufficiently
complex calculation.
 
Reply With Quote
 
Thad Smith
Guest
Posts: n/a
 
      03-06-2008
Sebastian G. wrote:
> Thad Smith wrote:
>
>> Bartc wrote:
>>> Mark Wooding wrote:
>>>> Nomen Nescio <(E-Mail Removed)> wrote:
>>>>
>>>>> if (password != "november13") {
>>>> It's probably worth pointing out that you can improve security by
>>>> hashing the passwords. You should probably replace the above with
>>>> something like
>>>>
>>>> if (strcmp(sha384(password), sha384("november13"))) { ... }
>>> Wouldn't "november13" still exist in the executable? Unless sha384 is
>>> some clever macro?

>>
>> When <sha384.h> is included, sha384() computes the hash of the string
>> literal at compile time, but the hash of password at run time, since
>> it points to a run-time variable.

>
> A optimizing compiler may decide to not optimize away any sufficiently
> complex calculation.


Obviously such a compiler is not up to the task!

--
Thad
 
Reply With Quote
 
Sebastian G.
Guest
Posts: n/a
 
      03-06-2008
Thad Smith wrote:

> Sebastian G. wrote:
>> Thad Smith wrote:
>>
>>> Bartc wrote:
>>>> Mark Wooding wrote:
>>>>> Nomen Nescio <(E-Mail Removed)> wrote:
>>>>>
>>>>>> if (password != "november13") {
>>>>> It's probably worth pointing out that you can improve security by
>>>>> hashing the passwords. You should probably replace the above with
>>>>> something like
>>>>>
>>>>> if (strcmp(sha384(password), sha384("november13"))) { ... }
>>>> Wouldn't "november13" still exist in the executable? Unless sha384 is
>>>> some clever macro?
>>> When <sha384.h> is included, sha384() computes the hash of the string
>>> literal at compile time, but the hash of password at run time, since
>>> it points to a run-time variable.

>> A optimizing compiler may decide to not optimize away any sufficiently
>> complex calculation.

>
> Obviously such a compiler is not up to the task!


Nonsense. Please show me a compiler that would be so stupid to optimize away
the following function:

BOOL foo(void) {
for(iint64_t i=0; i < 0x0FFFFFFFFFFFFFFF; i++)
if (strcmp(DES_encrypt(i,"foo"),"bar")
return TRUE:
return FALSE;
}
 
Reply With Quote
 
CBFalconer
Guest
Posts: n/a
 
      03-06-2008
Bartc wrote:
> Mark Wooding wrote:
>> Nomen Nescio <(E-Mail Removed)> wrote:
>>
>>> if (password != "november13") {

>>
>> It's probably worth pointing out that you can improve security by
>> hashing the passwords. You should probably replace the above with
>> something like
>>
>> if (strcmp(sha384(password), sha384("november13"))) { ... }

>
> Wouldn't "november13" still exist in the executable? Unless sha384
> is some clever macro?
>
> Perhaps encrypted in a separate program and the result put in here.


And obviously sha384 has nothing to do with the C language,
inasmuch as it never appears in any C standard. Followups have
been set to eliminate c.l.c, where this is off-topic.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home.att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

 
Reply With Quote
 
Chris Dollin
Guest
Posts: n/a
 
      03-06-2008
Sebastian G. wrote:

> Thad Smith wrote:
>
>> Sebastian G. wrote:
>>> Thad Smith wrote:
>>>
>>>> Bartc wrote:
>>>>> Mark Wooding wrote:
>>>>>> Nomen Nescio <(E-Mail Removed)> wrote:
>>>>>>
>>>>>>> if (password != "november13") {
>>>>>> It's probably worth pointing out that you can improve security by
>>>>>> hashing the passwords. You should probably replace the above with
>>>>>> something like
>>>>>>
>>>>>> if (strcmp(sha384(password), sha384("november13"))) { ... }
>>>>> Wouldn't "november13" still exist in the executable? Unless sha384 is
>>>>> some clever macro?
>>>> When <sha384.h> is included, sha384() computes the hash of the string
>>>> literal at compile time, but the hash of password at run time, since
>>>> it points to a run-time variable.
>>> A optimizing compiler may decide to not optimize away any sufficiently
>>> complex calculation.

>>
>> Obviously such a compiler is not up to the task!

>
> Nonsense. Please show me a compiler that would be so stupid to optimize away
> the following function:
>
> BOOL foo(void) {
> for(iint64_t i=0; i < 0x0FFFFFFFFFFFFFFF; i++)
> if (strcmp(DES_encrypt(i,"foo"),"bar")
> return TRUE:
> return FALSE;
> }


As the previous poster said, /such a compiler/ may not be up to the task
/of compile-time evaluation of/ `sha384` from the possibly-built-in-as-
suggested-by-the-<> `<sha384.h>.

A compiler that decides it cannot do X is -- obviously -- not up to
the task of doing X.

--
"Ashes are burning the way." - Renaissance, /Ashes Are Burning/

Hewlett-Packard Limited registered no:
registered office: Cain Road, Bracknell, Berks RG12 1HN 690597 England

 
Reply With Quote
 
Mark Wooding
Guest
Posts: n/a
 
      03-06-2008
Thad Smith <(E-Mail Removed)> wrote:

> When <sha384.h> is included, sha384() computes the hash of the string
> literal at compile time, but the hash of password at run time, since it
> points to a run-time variable.


Indeed.

(Of course, the real question is why I chose SHA384 of all things...)

-- [mdw]
 
Reply With Quote
 
Sebastian G.
Guest
Posts: n/a
 
      03-06-2008
Chris Dollin wrote:


>>>> A optimizing compiler may decide to not optimize away any sufficiently
>>>> complex calculation.
>>> Obviously such a compiler is not up to the task!

>> Nonsense. Please show me a compiler that would be so stupid to optimize away
>> the following function:
>>
>> BOOL foo(void) {
>> for(int64_t i=0; i < 0x0FFFFFFFFFFFFFFF; i++)
>> if (strcmp(DES_encrypt(i,"foo"),"bar")
>> return TRUE:
>> return FALSE;
>> }

>
> As the previous poster said, /such a compiler/ may not be up to the task
> /of compile-time evaluation of/ `sha384` from the possibly-built-in-as-
> suggested-by-the-<> `<sha384.h>.



<> only means that the included header should be searched in the default
search path, nothing more. And there's absolutely no indication that the
definition it contains might be suitable, much less feasible for
compile-time evaluation.

> A compiler that decides it cannot do X is -- obviously -- not up to
> the task of doing X.


See the example above. Even though the compile could do it, may have very
good reason not to do so; especially if it involves running a part of the
code itself, machine-specific implementation details.
 
Reply With Quote
 
Richard Heathfield
Guest
Posts: n/a
 
      03-06-2008
CBFalconer said:

> Bartc wrote:
>> Mark Wooding wrote:
>>>
>>> if (strcmp(sha384(password), sha384("november13"))) { ... }

>>
>> Wouldn't "november13" still exist in the executable? Unless sha384
>> is some clever macro?
>>
>> Perhaps encrypted in a separate program and the result put in here.

>
> And obviously sha384 has nothing to do with the C language,
> inasmuch as it never appears in any C standard. Followups have
> been set to eliminate c.l.c, where this is off-topic.


Whoosh!

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[FIX] Another possible fix for the missing ASP .Net tab problem Patrick Philippot ASP .Net 0 04-14-2006 11:48 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Perl Misc 21 03-21-2006 07:02 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Python 23 03-21-2006 07:02 AM
Xah's Edu Corner: The Concepts and Confusions of Pre-fix, In-fix, Post-fix and Fully Functional Notations Xah Lee Java 22 03-21-2006 07:02 AM
why browser cache setting affects program behavior? Fix? =?Utf-8?B?anVubGlh?= ASP .Net 2 05-20-2005 06:27 PM



Advertisments