Insecurity

Recall that a text file is just a sequence of bytes on disk, each of which represents an ASCII code. Unlike BMPs, text files do not have a "header." Suppose, though, that a file format for password-protected text files (which doesn’t actually exist) prescribes that any such file begin with a FILEHEADER, inside of which is an 8-character password with no trailing \0, per the below.

typedef struct
{
    char password[8];
}
FILEHEADER;

Immediately following that header is the file’s actual text (i.e., ASCII codes), much like RGBTRIPLEs follow a BMP’s BITMAPFILEHEADER and BITMAPINFOHEADER. Programs that support this file format should only display a file’s text if a user first inputs the correct password.

Were Problem Set 5’s ralph.txt password-protected with a password of, say, 12345678, it would be stored in this format per the below.

12345678When I grow up, I want to be a principal or a caterpillar. I love you Principal Skinner!

-Ralph Wiggum

Answer the below in insecurity.txt.

Questions

  1. (2 points.) Why is this file format not very secure?

  2. (6 points.) Complete the implementation of the program below in such a way that it removes the password from a password-protected text file, storing just its text in a new passwordless text file. Assume that the program will be executed with two command-line arguments: the path to the former will be provided in argv[1], and the path to the latter will be provided in argv[2].

    #include <stdio.h>
    #include <stdlib.h>
    
    typedef struct
    {
        char password[8];
    }
    FILEHEADER;
    
    int main(int argc, char *argv[])
    {

Debrief

  1. Which resources, if any, did you find helpful in answering this problem’s questions?

  2. About how long did you spend on this problem’s questions?