Using JCA in Java- 5pgs due in 5hrs
COMP 522: Privacy and Security
University of Liverpool
Demonstrator: Emmanouil Pitsikalis Lecturer: Dr. Jeffrey Ray
LAB – 1. Attacking Password Online
LAB #1.1 – try base64 encoding and decoding
Objective:
· Understand Encoding and Decoding
Details:
1- From the Burp Suite main menu, go to the Decoder section.
2- Enter any text, then encode and decode it
LAB #1.2 – Hash table attack
1- Create a hash of any password that you want to attack; you can use the Burp Suite Decoder for that (or any other way). For example, the SHA1 hash for the password (MyPassword) is (2qHzGBntSSj9AOmG5r2m2raxd9w=)
2- Copy the hash, go to any public SHA1 hash table website and try to get the equivalent text for it (you can go to https://hashkiller.co.uk/sha1-decrypter.aspx ).
3- Can you do a hash table attack on the following passwords (SHA1 hash) using the same website?
| N | Password | Yes I can / No I can not |
|---|----------|--------------------------|
| 1 | P@$$W0rD | |
| 2 | thisismypassword | |
| 3 | VeryLongP@$$W0rD | |
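The lookup that steps 1 to 3 perform on a public site, as an added example that is not part of the original lab sheet. It converts the Base64 digest quoted in step 1 to the hex form such sites usually expect, looks hashes up in a precomputed table, and shows that a per-user salt makes the same table miss. The wordlist is constructed sample data and the function names are assumptions of this example.

```python
import base64
import hashlib
import os

# Digest quoted in step 1 of the lab for the password "MyPassword".
LAB_DIGEST_B64 = "2qHzGBntSSj9AOmG5r2m2raxd9w="

# Constructed sample wordlist standing in for a public hash table's contents.
WORDLIST = ["password", "MyPassword", "thisismypassword", "letmein"]


def sha1_hex(password: str, salt: bytes = b"") -> str:
    """Hex SHA-1 of salt || password (empty salt = plain unsalted hash)."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()


def b64_to_hex(digest_b64: str) -> str:
    """Convert a Base64-encoded digest to lowercase hex."""
    return base64.b64decode(digest_b64, validate=True).hex()


def build_table(words, salt: bytes = b"") -> dict:
    """Precompute digest -> plaintext, which is what a hash table stores."""
    return {sha1_hex(w, salt): w for w in words}


def lookup(table: dict, digest_hex: str):
    """Return the plaintext if the digest was precomputed, else None."""
    return table.get(digest_hex.lower())


if __name__ == "__main__":
    table = build_table(WORDLIST)
    lab_hex = b64_to_hex(LAB_DIGEST_B64)
    print("lab digest as hex:", lab_hex)
    print("lab digest found :", lookup(table, lab_hex))
    # Passwords from the exercise table in step 3, against the sample table.
    for pw in ["P@$$W0rD", "thisismypassword", "VeryLongP@$$W0rD"]:
        print(f"{pw!r:22} unsalted ->", lookup(table, sha1_hex(pw)))
    # Defence: a random per-user salt changes every digest, so a table
    # precomputed without that salt no longer matches anything.
    salt = os.urandom(16)
    print("salted lookup    :", lookup(table, sha1_hex("thisismypassword", salt)))
```

A salt only defeats precomputed tables; stored passwords should also use a deliberately slow password-hashing function rather than plain SHA-1.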
LAB #1.3 – Has my account password leaked to attackers
1- Open https://haveibeenpwned.com/
2- Provide your email and check whether your account password has been leaked before by an attacker. If it has, you have to change your password.
LAB #1.4 – How long to offline brute-force password
Note:
- Don’t enter your real password
- The time it will take depends on processing speed
1- Open https://howsecureismypassword.net/ and https://password.kaspersky.com/
2- Try the following passwords and check the time needed to brute-force them
| Password | Time on howsecureismypassword.net | Time on Kaspersky password checker |
|----------|-----------------------------------|------------------------------------|
| P@S$W0rD | | |
| thisismypassword | | |
| VeryLongP@$$W0rD | | |
| %O^t#2Fv0JUjVdRV2RW% | | |