Passwords

Notes

• Let's explore passwords a bit.
• How does a password work (human level)?
  • We assume that the system has a stored copy of your password
  • It challenges you by asking you for this password
  • It then checks to see if the password you gave it matches the password that is stored.
• This is not right, but it will do for now, we will investigate this further later.
• Right now, we are worried about the threat of someone discovering your password.
• Let's assume that you haven't done anything silly like making your password you dog's name.
  • We will investigate a tool to exploit this soon.
• Why does the university have these rules?
• A brute force attack on a password is an attempt to try all passwords
  • Is this feasible?
  • As a programmer, could you generate all
    • 1 letter passwords
    • All 2 letter passwords?
  • Let's take a look at some code
    • cryptSpeed.cpp.
    • crypt is a the function that creates an "encrypted" linux/unix password.
    • string.c_string() takes a c++ string and returns a c style string.
    • rand() produces a random integer between 1 and RAND_MAX
    • srand seeds the random number generator.
    • You can ignore the chrono parts
• Let's do an experiment with passwords
  • Start excel or any spreadsheet
    • On your desktop or online, through "email"
  • Constants
    • In Cell A2 put "Alphabet Size"
    • In Cell B2 put 26
    • In Cell A3 put "Processor PPS"
    • In cell B3 put 150,000
      • This is the value I got on Mirkwood for passwords per second
    • In A4 put "Processors"
    • In B4 put 1
    • In A5 put "Passwords Per Second"
    • In B5 put = B3*B4
    • 
  • Number of passwords
    • In cell A7 put "Characters in Password"
    • In cell B7 put "Number of Passwords"
    • In A8 put 1
    • In B8 put =$A$2^A8
    • explain this formula
    • Copy These two down, possibly up to 20 characters in a password
    • 
  • Time Involved
    • In C7 put "Seconds"
    • In D7 put "Minutes"
    • In E7 put "Hours"
    • In F7 put "Days"
    • In G7 put "Years"
    • In C8 put =B8/$B$5
    • Explain this
    • In D8 put =C8/60
    • In E8 put =D8/60
    • In F8 put =D8/24
    • In G8 put =D8/365
    • Explain this
    • Copy these cells down...
    • 
  • Adjust the parameters
    • Cell B2 represents the number of letters in the alphabet to choose from.
    • How do the campus rules change this?
    • Cell B4 represents the number of cores involved in a computation
    • Is 1 reasonable for this?
• Explain how the number of characters in the password and the number of letters in the alphabet it is chosen from impact the security of a password.