Computer Science - Security hw

sara98
Homework2password-cracking.docx

CMPS 385

Assignment 2 (Total: 7 points = 5 points + 2 points BONUS)

The task is to design and implement a secure scheme for authentication. First of all we will demonstrate the weakness of passwords.

Question 1. Password cracking = 4 points

This question is based on the tutorial at the following link.

https://resources.infosecinstitute.com/topic/hashcat-tutorial-beginners/

Hashcat is a popular password cracker designed to break even the most complex password representations. In this assignment you will work on cracking passwords.

Create a dictionary with MD5 hashes

Choose 12 passwords following the example below.

Make the passwords of different length and complexity (letters only; letters and numbers; small and capital letters and numbers; small and capital letters, numbers and special characters), with lengths of 6, 8 and 10 letters.

echo -n "YOUR_PASSWORD" | md5sum | tr -d " -" >> target_hashes.txt

Check password hashes

cat target_hashes.txt

1. Install & Run hashcat

Hashcat comes preinstalled in the Kali Linux distribution. You'll need to install Kali Linux first.

Choose the wordlist

Choose one of the wordlists above to do your experiment. You may change and try out different wordlists and report the findings if you do so.

Crack the hashes

hashcat -m 0 -a 0 -o cracked.txt target_hashes.txt <path-to-your-wordlist>

Report Results

Report your results

· What are the passwords that were cracked successfully?

· What is the time taken for the passwords to be cracked?

Question 2. Describe and Implement secure authentication mechanism

Total: 1 point + 2 points bonus

Since we have demonstrated the weakness of using passwords as the only authentication mechanism, now you will describe and implement a secure authentication mechanism.

Select one of the authentication systems/mechanisms shown in the class:

· U2F/WebAuthn

· Single sign on using JWT

· OpenID Connect

Explain how it works, with diagrams and example code. (1 point)

2 points BONUS question:

Write an example program that does the following:

· Register new users (email=user name, password)

· Login (with password)

· Send OTP (one time password) to user’s email

· Login (with password and OTP)

Include the code in your submissions, and explain how your program works with the screenshots of the above functions.
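
The four bonus steps can be sketched as follows. This is an added example, not part of the original assignment: the function names, the in-memory USERS/OTPS stores, the OUTBOX list standing in for an e-mail server, the PBKDF2 iteration count and the 300-second OTP lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}     # email -> (salt, password_hash)
OTPS = {}      # email -> (sha256 of OTP, expiry timestamp)
OUTBOX = []    # stand-in for an SMTP server: (email, otp) tuples
OTP_TTL = 300  # seconds an OTP stays valid (assumed value)

def hash_password(password, salt):
    # Salted, deliberately slow KDF instead of the bare MD5 used in Question 1.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(email, password):
    if email in USERS:
        return False
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, hash_password(password, salt))
    return True

def login_password(email, password):
    # Unknown users still cost one KDF run, so timing does not reveal them.
    salt, stored = USERS.get(email, (b"\0" * 16, b""))
    return hmac.compare_digest(hash_password(password, salt), stored)

def send_otp(email, password, now=None):
    # The OTP is only issued after the first factor has been verified.
    if not login_password(email, password):
        return False
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"
    OTPS[email] = (hashlib.sha256(otp.encode()).digest(), now + OTP_TTL)
    OUTBOX.append((email, otp))  # a real program would e-mail this
    return True

def login_with_otp(email, password, otp, now=None):
    if not login_password(email, password):
        return False
    now = time.time() if now is None else now
    # pop() makes the code single-use: one attempt, right or wrong, consumes it.
    otp_hash, expiry = OTPS.pop(email, (b"", 0))
    supplied = hashlib.sha256(otp.encode()).digest()
    return now <= expiry and hmac.compare_digest(supplied, otp_hash)
```

The optional `now` argument exists only so that expiry can be exercised without waiting; a deployed version would also rate-limit `send_otp` and persist the stores.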