473,320 Members | 1,879 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Help needed with socket class with MD5/Salt

Construct a one-time password system.

· Write a server code and a client code. The server code takes as input a username and a one-time password from the client and then sends a message back to the client if they are correct.

Specifications

add the function of password-based user authentication to the client/server. The goal of the program is very simple: the server prints out a message only when the user has entered his/her correct username and password.

Your server should construct its password system according to the following requirements.

· Salting. Generate a salt for each password.

· Hashing. The password is hashed along with the corresponding salt.

· Shadowing. You should create two files named passwd and shadow, respectively.

One-time password



You should adopt the following one-time password mechanism:

The client and server share a long term secret (salt) hard-coded in the programs.

After a user enters his username and long-term password, the client code should convert it into one-time password using the formula:



OPWD = Hashn(Hash(Password||salt)||n)



where OPWD denotes one-time password, || denotes a bitwise concatenation, Hashn denotes the number of times for hashing, Password denotes the long-term password and Secret denotes the secret shared between the server and the client.



The client sends OPWD to the server. Upon receiving it, the server retrieves the corresponding long-term password for the user and checks the following equation with equality:



OPWD = Hashn(hashed_password||n).



If the equality holds, then the server sends a message back to the client; otherwise, goes back the initial prompt asking the user to re-enter username and password.



The protocol is summarised as follows:



1. User sends username to the server.

2. Server selects a random number n and sends it back to User.

3. User computes OPWD = Hashn(Hash(Password||salt)||n) and sends it to Server.

4. Server checks OPWD = Hashn(hashed_password||n).

If it holds, prints back a message for acknowledgement; otherwise, goes back to the initial login prompt.



Below is the best that i have done/reference with mod from friends and website, with many errors like syntax errors which i dun understand.
it is the socket.cpp. i dun quite understand the questions too. plz try to enlighten me with watever help u can. Thank You.



#include <iostream>

using namespace std;



class Socket
{
public:
void Socket::SendLine();
std::string Socket::ReceiveLine
}

class SocketClient
{
public:
void SocketClient();
}

int Socket::nofSockets_= 0;





//Send
void Socket::SendLine(std::string s) {
s += '\n';
send(s_,s.c_str(),s.length(),0);
}


//Receive
std::string Socket::ReceiveLine() {
std::string ret;
while (1) {
char r;

switch(recv(s_, &r, 1, 0)) {
case 0: // not connected anymore;
// ... but last line sent
// might not end in \n,
// so return ret anyway.
return ret;
case -1:
return "";
// if (errno == EAGAIN) {
// return ret;
// } else {
// // not connected anymore
// return "";
// }
}

ret += r;
if (r == '\n') return ret;
}
}


// Client Socket
void SocketClient::SocketClient(const std::string& host, int port) : Socket() {
std::string error;

hostent *he;
if ((he = gethostbyname(host.c_str())) == 0) {
error = strerror(errno);
throw error;
}

sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr = *((in_addr *)he->h_addr);
memset(&(addr.sin_zero), 0, 8);

if (::connect(s_, (sockaddr *) &addr, sizeof(sockaddr))) {
error = strerror(WSAGetLastError());
throw error;
}
}

//Server
Socket* SocketServer::Accept() {
SOCKET new_sock = accept(s_, 0, 0);
if (new_sock == INVALID_SOCKET) {
int rc = WSAGetLastError();
if(rc==WSAEWOULDBLOCK) {
return 0; // non-blocking call, no request pending
}
else {
throw "Invalid Socket";
}
}

Socket* r = new Socket(new_sock);
return r;
}
Aug 1 '07 #1
1 2515
Construct a one-time password system.

· Write a server code and a client code. The server code takes as input a username and a one-time password from the client and then sends a message back to the client if they are correct.

Specifications

add the function of password-based user authentication to the client/server. The goal of the program is very simple: the server prints out a message only when the user has entered his/her correct username and password.

Your server should construct its password system according to the following requirements.

· Salting. Generate a salt for each password.

· Hashing. The password is hashed along with the corresponding salt.

· Shadowing. You should create two files named passwd and shadow, respectively.

One-time password



You should adopt the following one-time password mechanism:

The client and server share a long term secret (salt) hard-coded in the programs.

After a user enters his username and long-term password, the client code should convert it into one-time password using the formula:



OPWD = Hashn(Hash(Password||salt)||n)



where OPWD denotes one-time password, || denotes a bitwise concatenation, Hashn denotes the number of times for hashing, Password denotes the long-term password and Secret denotes the secret shared between the server and the client.



The client sends OPWD to the server. Upon receiving it, the server retrieves the corresponding long-term password for the user and checks the following equation with equality:



OPWD = Hashn(hashed_password||n).



If the equality holds, then the server sends a message back to the client; otherwise, goes back the initial prompt asking the user to re-enter username and password.



The protocol is summarised as follows:



1. User sends username to the server.

2. Server selects a random number n and sends it back to User.

3. User computes OPWD = Hashn(Hash(Password||salt)||n) and sends it to Server.

4. Server checks OPWD = Hashn(hashed_password||n).

If it holds, prints back a message for acknowledgement; otherwise, goes back to the initial login prompt.



Below is the best that i have done/reference with mod from friends and website, with many errors like syntax errors which i dun understand.
it is the socket.cpp. i dun quite understand the questions too. plz try to enlighten me with watever help u can. Thank You.



#include <iostream>

using namespace std;



class Socket
{
public:
void Socket::SendLine();
std::string Socket::ReceiveLine
}

class SocketClient
{
public:
void SocketClient();
}

int Socket::nofSockets_= 0;





//Send
void Socket::SendLine(std::string s) {
s += '\n';
send(s_,s.c_str(),s.length(),0);
}


//Receive
std::string Socket::ReceiveLine() {
std::string ret;
while (1) {
char r;

switch(recv(s_, &r, 1, 0)) {
case 0: // not connected anymore;
// ... but last line sent
// might not end in \n,
// so return ret anyway.
return ret;
case -1:
return "";
// if (errno == EAGAIN) {
// return ret;
// } else {
// // not connected anymore
// return "";
// }
}

ret += r;
if (r == '\n') return ret;
}
}


// Client Socket
void SocketClient::SocketClient(const std::string& host, int port) : Socket() {
std::string error;

hostent *he;
if ((he = gethostbyname(host.c_str())) == 0) {
error = strerror(errno);
throw error;
}

sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr = *((in_addr *)he->h_addr);
memset(&(addr.sin_zero), 0, 8);

if (::connect(s_, (sockaddr *) &addr, sizeof(sockaddr))) {
error = strerror(WSAGetLastError());
throw error;
}
}

//Server
Socket* SocketServer::Accept() {
SOCKET new_sock = accept(s_, 0, 0);
if (new_sock == INVALID_SOCKET) {
int rc = WSAGetLastError();
if(rc==WSAEWOULDBLOCK) {
return 0; // non-blocking call, no request pending
}
else {
throw "Invalid Socket";
}
}

Socket* r = new Socket(new_sock);
return r;
}
What is your problem ? Where did you get stuck up ?

Which of the functionality is missed out in the code pasted?

Can you elaborate a little bit ?

Regards,
Girish.
Aug 2 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

3
by: Cndistin | last post by:
First I am sorry for the title but I an newbie enough to now know how to better word it. The problem part of my code is class Application: class Moon: def __init__(self, name): self.name =...
7
by: groleo | last post by:
Hi. I've searched a lot on google, but no one seems to develop a socket class for c++? I've found a lot of classes that works only on Windows. The thing is that I need a BSD socket library. I...
3
by: HABJAN ®iga | last post by:
Is there a way to be notifyed (callback, event,...) when the connection of socket was closed... The WinSock activex in vb6 had event ondisconnect... I get exception when i try to send some data,...
3
by: notregister | last post by:
Hi, how do i use socket class to send data to a device which i have that IP address and Port number e.g 169.254.192.155 RemotePort: 9100 or any IP address that i want? Pls advise Thanks
1
by: brettsbignose | last post by:
Please inform me if microsoft has a better group to post this genre of question on, but since I am working in vb.net, this was my best choice. I am writing a program that can send UDP packets. ...
2
by: Anan18 | last post by:
Use Integer variables to represent the private data of the class – the numerator and the denominator. Provide a constructor that enables an object of this class to be initialized when it is...
3
by: PaperPilot | last post by:
Hi All: I need some help with TCP sockets on VxWorks. Does anybody know of a C++ socket class that works on VxWorks. This would be dead easy with Java, but management over my objections,...
1
by: ssherm01 | last post by:
I'm using MS VS C++ .NET. I've written a multicast test utility that can send IGMP packets for a user specified group address. As well, it can send and receive UDP packets for a specified...
2
by: Piotrekk | last post by:
Hi I have a question related to Socket class. What are the advantages / disadvantages of using Socket class comparing to TcpClient and HttpWebRequest Regards Piotr Ko³odziej
2
by: kodart | last post by:
Introduction Performance is the main concern to most server application developers. That’s why many of them anticipate using .NET platform to develop high performance server application regardless...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.