Project #84390 - Program source code

Educational Goals: The educational goals of this program are that the student should use the concepts of

  • testing with valid inputs and invalid inputs
  • design using pseudocode
  • output of prompts and labels to match specified output
  • input of values from the keyboard
  • calling a library function
  • using string concatenation
  • assignment statements
  • documentation

binary key


The most common way for someone to identify themself to a computer system is by a username and password. The system must keep a file of all that information but it must NOT leave the file on the system in a state that can be easily read by anyone. So the passwords in the file are "hashed" into an unreadable state. Yes, that is actually the name of the method, hashing.

It's similar to encryption in that it produces an unreadable string, but it is not the same thing as encryption. There is no way to "un-hash" a string to produce the clear form of the password. Then what good is it? When someone creates an account on a system, their password is hashed and saved. When someone wants to log into the system, they provide a userid and password. The system hashes the password given and compares the result to the saved result from when the account was created for that userid. If they match, it is assumed that they are the legitimate owner of the account and access is given. If the results do not match, the person is not allowed access. Note: your program does NOT have to do all this. Your program is just asking the user for the information and displaying what the hashed password looks like.

There are many password hashing functions, but one of the most popular and most secure is SHA-256. In Python, the SHA-256 algorithm can be found in the hashlib module, in the function named sha256. Remember that you must import modules before using them!

Your program's design starts out as:

Design Prolog - name, section, email, purpose, preconditions, postconditions 
#1. Prompt the user to enter their name 
#?. Prompt the user to enter a userid 
#?. Prompt the user to enter a password 
#?. Hash the password using the userid for "salt" (see below for definition) 
#?. Display the userid, full name and encrypted password on the screen, separated by colons

The ?'s are there instead of numbers because some steps need to have more detail given. You can decide on the step numbers after you have figured out the steps.

Sample Run of finished program:

Enter your first name: John
Enter your last name: Smith
Enter your userid: jsmith2
Enter your password: 123abcdef

jsmith2:John Smith:afab4a0089b0f6ab626ab709cd6d06d575bfa42e3d5db51b6496c97a5ca6ac8a

Another sample run:

Enter your first name: Bob
Enter your last name: Brown
Enter your userid: bbrow33
Enter your password: password

bbrow33:Bob Brown:7e3e8438c096c2bb287562d1a4bbdaf019ef303544832c44e0427ff45adf5a37


One weakness in this system is that people tend to use easy passwords, like the second sample run. One of the most commonly used passwords is "password". If a hacker knows the kind of hashing a computer system uses and obtains a password file, they can hash the commonly used passwords and see if any user in the file has the same unreadable string as their password. If they do, voila, the hacker has a user name and password they can use. To prevent this, a good security system also uses another randomly generated string to add to the password (concatenate onto the end of the password) that is also hashed. This helps even weak passwords to be stronger. For this program, you will use the userid as the string that is added to the password to make it a stronger password. In other words, concatenate the userid onto the end (right end) of the password before you hash it.

Write a Python program to implement your design. Make sure you eliminate the syntax and semantics errors. Start with a copy of the design file that you wrote in Step 2. Write your Python code between the commented lines of the design. Here is where your test plan comes in handy! Run your program with all the test cases that you came up with, to see that it is running properly. Use the same link at the top of this page to submit your source code when it is due. Use the menu choices of "Code" and "Program 1".

There are several specifications about how your program should be written.

  • Here's some help: in order to do the hashing, you need two things:
    1. import the library called hashlib (Note that this does NOT say to use "import hashlib". You decide what kind of import statement you need.)
    2. use this line: hashed_password = sha256(password.encode()).hexdigest() to do the call to the hashing function (sha256). This line assumes that the string to be hashed is called password. You can change that name, but don't change anything else on the right hand side of the assignment statement.
  • If you want more detail about hashing, here is a short writeup.
  • This program uses input; please prompt the user for each value.
  • Make sure you format the lines of the output as described above. The line breaks and the punctuation MUST be as shown. Make sure the colons are where they are shown in the sample runs.
  • Your program must be documented. Use meaningful multi-character variable names. You must have a header (prolog). Your code appears between the design steps. Your program must have a main function and call it to run the program.

Bonus! (10 points)

Use the hash function to verify the user's password. After performing the tasks described above, ask the user to enter their password again, hash the result using the same salt as before, and compare the hash with the hash of the original password. Do not compare the passwords directly, only the hashes. If the hashes are equal, print the message "Welcome back". Otherwise, print "You are banned".

Sample run with bonus:

Enter your first name: Bob
Enter your last name: Brown
Enter your userid: bbrow33
Enter your password: password

bbrow33:Bob Brown:7e3e8438c096c2bb287562d1a4bbdaf019ef303544832c44e0427ff45adf5a37

Enter your password again: password2
You are banned

Some rules about bonus points:

  • You must turn your program source in by the due date to be eligible for bonus points. So don't make yourself late in order to get the bonus done! You won't get them!
  • Please LABEL the code for the bonus with a comment that says BONUS. Make it easy for your TA to find!
  • Make sure your program at least runs without crashing. We don't give bonus points if the main assignment is not at least approximately right.

Subject Computer
Due By (Pacific Time) 09/30/2015 11:00 pm
Report DMCA

Chat Now!

out of 1971 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 1164 reviews

Chat Now!

out of 721 reviews

Chat Now!

out of 1600 reviews

Chat Now!

out of 770 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 680 reviews
All Rights Reserved. Copyright by - Copyright Policy