Information security

 

Check the slides “OS Security II,” pg. 4-8. You are to implement a program, in either C/C++ or Python, that performs a dictionary attack with and without a password salt.

If you are not familiar with measuring execution time in C++, see the following website:

https://www.geeksforgeeks.org/measure-execution-time-function-cpp/

If you are not familiar with measuring execution time in Python, see the following website:

https://stackoverflow.com/questions/1557571/how-do-i-get-time-of-a-python-programs-execution

See the following steps.

1. Accept a user password of length N as keyboard input to your program. You can determine your own length N.

2. Compute the hash of the password from step 1.

Your hash function H() is simply the checksum. 

3. Now you become an attacker and try to find the password of length N.

Try every possible password of length N; for each candidate, compute the hash and compare it to the hash of the password from step 2.

Measure execution time.

4. Now let’s reinforce our password using the password salt. Accept an arbitrary non-negative integer number as keyboard input to your program.

5. Compute the hash of the concatenated password salt and password from step 4 and step 1. To compute the password salt portion of the checksum, you can treat the entire password salt as EITHER a single integer OR multiple one-byte integers.

6. Now you become an attacker and try to find the concatenated password salt and password.

Try every combination of a non-negative integer salt and a password of length N; for each combination, compute the hash and compare it to the hash from step 5.

Measure execution time.

NOTE: your program should have separate functions for the checksum and for the attacker's two dictionary attacks, with and without the password salt.
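
An added example, not part of the original assignment, of the six steps above in Python. It assumes H() is a 16-bit additive checksum over the password bytes with the salt added as a single integer, a lowercase a-z candidate alphabet, and an attacker salt bound MAX_SALT; these names and values are assumptions, not from the slides.

```python
import itertools
import string
import time

ALPHABET = string.ascii_lowercase  # assumption: passwords use a-z only
MAX_SALT = 999                     # assumption: attacker's salt search bound


def checksum(password: str, salt: int = 0) -> int:
    """H(): 16-bit additive checksum; the salt is added as a single integer."""
    return (salt + sum(password.encode())) & 0xFFFF


def attack_unsalted(target: int, n: int):
    """Try every length-n candidate; return (candidate, tries)."""
    tries = 0
    for chars in itertools.product(ALPHABET, repeat=n):
        tries += 1
        candidate = "".join(chars)
        if checksum(candidate) == target:
            return candidate, tries
    return None, tries


def attack_salted(target: int, n: int):
    """Try every (salt, candidate) pair; return (salt, candidate, tries)."""
    tries = 0
    for salt in range(MAX_SALT + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            tries += 1
            candidate = "".join(chars)
            if checksum(candidate, salt) == target:
                return salt, candidate, tries
    return None, None, tries


def timed(fn, *args):
    """Run fn(*args) and return (result, elapsed_seconds)."""
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    password = input("Password (a-z): ")
    salt = int(input("Salt (0..%d): " % MAX_SALT))
    n = len(password)
    print(timed(attack_unsalted, checksum(password), n))
    print(timed(attack_salted, checksum(password, salt), n))
```

For the constructed input `dog`, the unsalted search stops at `aax` after 24 tries: an additive checksum is matched by the first colliding candidate, not necessarily by the original password, so the measured time reflects the position of that first collision in the search order.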
