Password lab

1. Familiarize yourself with how to execute and edit Python programs.
2. Download the password lab zip file, and unzip it (by double-clicking it) into a new folder somewhere.
3. Cracking numeric passwords: We first investigate the cracking of numeric passwords (i.e. passwords that consist only of numeric digits, like "34259"). The program guess-numeric.py accepts one commandline argument specifying the number of digits in your password. For example, the command python guess-numeric.py 6 will ask you to enter a six-digit numeric password. It then tries to guess your password (by randomly selecting six-digit numbers until it finds the right one) and tells you how long it took to do so.
   • Activity: By repeatedly running guess-numeric.py with different inputs, and recording the results, estimate the average time required to crack numeric passwords of length 5, 6, and 7.
   • Homework exercise 1.1: State the average times you recorded in the previous activity, for lengths 5, 6, and 7.
   • Homework exercise 1.2: By approximately what factor does the time taken to guess the password increase, whenever an extra digit is added to the length of the password?
4. Cracking alphabetic passwords: Next we investigate the cracking of lowercase alphabetic passwords (i.e. passwords that consist only of the lowercase letters a-z, like "fudjfdo"). The program guess-alphabetic.py accepts one commandline argument specifying the number of letters in your password. For example, the command python guess-alphabetic.py 6 will ask you to enter a six-letter lowercase password. It then tries to guess your password (by randomly selecting six-letter strings until it finds the right one) and tells you how long it took to do so.
   • Activity: By repeatedly running guess-alphabetic.py with different inputs, and recording the results, estimate the average time required to crack numeric passwords of length 4 and 5. (If it's taking a long time, note that you can run multiple experiments simultaneously by opening up new Terminal windows.)
   • Homework exercise 1.3: State the average times you recorded in the previous activity, for lengths 4 and 5.
   • Homework exercise 1.4: By approximately what factor does the time taken to guess the password increase, when you lengthen the password from 4 characters to 5 characters?
   • Homework exercise 1.5: By approximately what factor does the time taken to guess the password increase, when you switch from a 5-digit numeric password to a 5-character alphabetic password?
5. (Optional) Cracking dictionary word passwords: Next we investigate the cracking of passwords that are words in English (e.g. "dog"). The program guess-word.py requires no commandline arguments. It loads a dictionary of about 250,000 English words, and asks you to enter an English word as your password. It then tries to guess your password (by randomly selecting words from its dictionary until it finds the right one) and tells you how long it took to do so.
   • Activity: By repeatedly running guess-word.py with different inputs, and recording the results, estimate the average time required to crack dictionary word passwords.
   • Homework exercise 1.6: State the average time you recorded in the previous activity.
   • Homework exercise 1.7: By approximately what factor does the time taken to guess the password increase, when you switch from a dictionary word password to a 5-character alphabetic password?
   • Discussion question A: (Discussion questions are not graded and you do not have to submit the answer. Please just write down your answer somewhere so that we can discuss it in class.) There seems to be a paradox here. If we use the same 5-character alphabetic password "robot" as input to guess-word.py and guess-alphabetic.py, the results are very different. Why do we get such different results when using exactly the same password?
6. (Optional) Cracking word+digit passwords: Next we investigate the cracking of passwords that consist of an English word followed by a single digit (e.g. "tree7"). The program guess-word-and-digit.py requires no commandline arguments. It loads a dictionary of about 250,000 English words, and asks you to enter an English word plus one digit as your password. It then tries to guess your password (by randomly selecting words from its dictionary followed by a random digit, until it finds the right combination) and tells you how long it took to do so.
   • Activity: By repeatedly running guess-word-and-digit.py with different inputs, and recording the results, estimate the average time required to crack word+digit passwords.
   • Homework exercise 1.8: State the average time you recorded in the previous activity.
   • Homework exercise 1.9: By approximately what factor does the time taken to guess the password increase, when you switch from a dictionary word password to a word+digit password?
   • Discussion question B: Which is the most secure of all the types of passwords investigated in this lab? Which is the least secure?
   • Discussion question C: What high-level lesson did you learn from this lab, if anything?
7. (Optional) Cracking word+2digits passwords: (This part of the lab is optional. No extra credit is available.) Save the file guess-word-and-digit.py as a new file called guess-word-and-2digits.py. Now edit your new file so that it guesses passwords consisting of a dictionary word plus 2 digits (e.g. "robot73"). Hint: you should only need to change the lines in the file marked with "#####". Once you have made the necessary changes, run the new program and determine approximately how much longer it takes to guess these word+2digits passwords, compared to the word+digit passwords.