Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Nov 21 13:45:13 2008 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.14.1/8.14.1) with ESMTP id mALLjDlI025855 for ; Fri, 21 Nov 2008 13:45:13 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.14.2/8.14.1) with ESMTP id mALLgqYu002537 for ; Fri, 21 Nov 2008 13:42:52 -0800 Message-Id: <200811212142.mALLgqYu002537@bourbon.usc.edu> To: cs551@merlot.usc.edu Subject: Re: random password Date: Fri, 21 Nov 2008 13:42:52 -0800 From: Bill Cheng Someone wrote: > spec says :- If it does not have the corresponding password, it should > prompt the user to see if it is okay to send a delete message based on > the random password > > does this means we prompt for permission to send *random password* > only if we find the file with matching filename,sha1,nonce in our file > system but no .pass file > > or > > do we prompt user for random password even if there was *no matching* > filename,sha1,nonce (i.e. ask for random password in every other case) If the password file/information exists, you do not prompt the user and just flood DELETE messages. If the password file/information does not exist, you prompt the user. If the answer is "yes", you generate a random password and flood that. If the answer is "no", don't do anything. > test case: A > (+2 points) > delete FileName=chess.jpg > SHA1=f7917fe4976d2c24f225bc4b6c2334e554b91c28 > Nonce=8ae005585be9c44ef1910d25dd6f8da58c432ab5 > should prompt the user to see if it's okay to > use a random password, type "yes" > nothing should get deleted, > type "status files 1 00.out", look at "00.out", > there should still be two files > > say now if i enter some non-existant filename, > > SERVANT XXXXX> delete FileName=abcd.xyz SHA1=3a5f........ > should it prompt for random password? No. If you do not have a file that matches the FileName, you cannot even verify that the SHA1 you have entered is correct. So, don't need to prompt. Although you should print an error message because it may be just a typo. -- Bill Cheng // bill.cheng@usc.edu