As other Monks have pointed out, your method is flawed. However you should not be discouraged from experimenting with this idea of yours, just be aware it will make a very _bad_ password system.
What you don't say, most importantly, is how this related to username. Usually we deal with authentication as 2 part, you supply 2 pieces of data and there is some relationship between them discernable with a 'secret' which tells us if the pair is any good.
What you are talking about is really a checksum system. This kind of system embeds 'intrinsic' data within just one datum
so that it can be checked for self consistency. This is the basis of ticketing type systems that don't need usernames.
Credit cards have a very basic checksum system that is widely known and trivial to 'crack'. And such is the weakness of using them for login authentication, because once someone has seen more than 2 or 3 examples they can trivially work out the method for generating new and valid ones.
To answer your request for code try doing the following.
#!/usr/bin/perl
print STDOUT "Enter a username: "; # ask for a user
my $username = <STDIN>; # input the username
chomp $username;
print STDOUT "Enter a password: "; # ask for a pass
my $password = <STDIN>; # input the pass
chomp $password;
my $crypted = crypt($password.$username,aa); # we store this value fo
+r later....
print STDOUT "The username is $username\n";
print STDOUT "The password is $password\n";
print STDOUT "The encrypted passwd is: $crypted\n";
print "\n\n\n";
print STDOUT "Testing out the password system....\n";
while (1)
{
print STDOUT "Enter the username: ";
my $ipusername = <STDIN>;
chomp $ipusername;
print STDOUT "Enter the password: ";
my $ippassword = <STDIN>;
chomp $ippassword;
my $recrypted = crypt($ippassword.$ipusername,aa);
print STDOUT "The retrived passwd is: $recrypted\n";
if ($recrypted eq $crypted)
{
dologin();
exit 0;
}
print STDOUT "Login Incorrect, please try again.\n\n\n";
}
sub dologin
{
#do stuff
print STDOUT "Login OK, welcome to the system.\n\n\n";
exit 0;
}
This uses the standard crypt facility and is _not_ a very good method for passwords, but ok for non critical web services.
BOL
Andy.
| [reply] [d/l] |
It would help to know the environment in which the program will operate. Is it for a web app? a command-line app? an app under X/MS Win*/Mac/etc? These questions will dictate the manner in which a password would be requested.
Also, is there a particular reason you are using this scheme of a 6 number sum? If there is not, you may wish to look at the ability instead of using the crypt() function for instead creating a hashed password, which may be easier to remember than the 6 number set.
If you can provide a little more information as regards the first part, I would suspect there are several who may be able to offer applicable suggestions.
| [reply] |
The program is for a window's program. I got the idea for the password thing from credit cards. Each company should have a set number, for secrurity.
| [reply] |
You have several options, when it comes to requesting the password under windows. In browsing around CPAN while reading your question, I found the following which I think might include functions for requesting a value that is concealed as it is typed. I won't say they will all do what you seek easily, but might prove useful.
Hope that helps get you started, at least...
| [reply] |
You mean like 361524 adding up to 21? Why would you want to do that?
Or maybe you mean 21-37-72-04-58-35 adding up to 250? Just as confusing.
--
TTTATCGGTCGTTATATAGATGTTTGCA
| [reply] |
Do you mean that if the series of numbers add-up to your expected total then you would grant access to something...? If so, there are several permutations possible, all of which might produce a total equal to what you are expecting.
That is a poor method for password authentication. You may try reading some stuffs about encrypting and see how that suits your needs.
| [reply] |
There is a (un)surprisingly common check digit algorithm you can use. Bit longer than 6 tho' :-) You can even use something ready made. | [reply] |