Password Strength in C++
Question
I am making a small password strength calculator in C++ that will calculate the information entropy value for the password as well as the NIST value. I have the entropy part of the program working but the NIST part is giving me some problems. I am pretty sure I have the right formula but every time I put my test password through that I know should give me a value of 24 I get a value of 18. I don't see a problem in my code that would cause this which leads me to believe it is a problem with the formula. Is anyone familiar with the NIST formula and could provide me help with this? Any help would be greatly appreciated. I have attached my code below.
#include <iostream>
#include <cmath>
#include <string>
using namespace std;
int main(){
string eight_password, first_char, next_seven;
int ep_length;
double ent_strength, nist_strength;
const int NIST_FIRST = 4, NIST_SEVEN = 2, NIST_REM = 1;
const double NIST_TWELVE = 1.5;
cout << "Hello! Please enter a password of 8 characters or less (including spaces!):" << endl;
getline(cin, eight_password);
ep_length = eight_password.length();
ent_strength = (ep_length*((log(94))/(log(2))));
first_char = eight_password.substr(0, 1);
next_seven = eight_password.substr(1, 7);
nist_strength = (first_char.length()*NIST_FIRST) + (next_seven.length()*NIST_SEVEN);
cout << nist_strength<<endl;
cout << first_char.length() << endl;
cout << next_seven.length() << endl;
return 0;
}
1 answers
solution1
2 2014-01-29 12:35:25
This formula
nist_strength = (first_char.length()*NIST_FIRST) + (next_seven.length()*NIST_SEVEN);
always produces 18 since it does not take into account the composition of the password at all. It only considers the lenghts of its first and next seven characters which is 1*4+7*2=18 always. The standard defines different methods of evaluation based on the composition of the password, ie all lower/upper, lower+upper, lower+upper+digits, etc.
I suggest that you set up two variables n1, and n7 and calculate their values after checking what the first and next 7 characters are based on the standard, and then use them in the formula.
Hope this helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.