CSCI 343 - Homework 1

Crack -- it's addictive!

Due by 11:59pm on Wednesday 26 Sep 2018

Homework

In this assignment, you will be trying your hand at cracking various passwords.

Collaboration

As with the other assignments in this class, I encourage you to discuss various approaches with your peers. However, as you are all working from the same password lists, try not to be too specific about revealing details.

You may work in small teams (up to three people per team). You may not work on multiple teams, and you must clearly identify your team members in your writeup.

Assignment Requirements

For this assignment, I want you to attempt to crack the passwords that are contained within the following zip file: hw01-pwdumps.zip

There are 4 files contained within the zip file. The first is Unix style, the second is MS-Windows. You may need to reformat them as standard /etc/passwd or /etc/shadow files in order to feed them to your cracking tools. (See "man 5 passwd" or "man 5 shadow" for details.)

Your primary goal is to crack the passwords listed in file 1 and file 2. The other two files are much larger and intended to represent actual passwords used on Internet sites. You will likely get many of these passwords cracked quickly, and others will take you much longer. These files are intended for you to get a sense of how your chosen tool works on a larger scale data set. (They also are in a different format from the first two.)

Step 1: Get a password cracking program

Go forth onto the Internet and find a password cracking program that works on either Unix or MS-Windows style passwords. I want you to find at least 4 different programs and select from them. You will need to explain the logic behind your reasoning.

Compile/build/install the software on either lab machines or your personal machine. If installing on a lab machine, I'd recommend installing into a subdirectory of your home directory so that it is available on multiple machines.

You will probably also need to go out and find word lists or dictionaries to use.

Step 2: Test your tool

Before throwing time and energy into breaking the full password file, verify that your tool is functioning correctly. Here are a couple of plaintext and crypted password pairs.

    happy    : bdWh.7jf3zFJM
    password : mlO36EwSe8sTk
    happy    : 4E1FB9BDD16A8F51AAD3B435B51404EE
    password : E52CAC67419A9A224A3B108F3FA6CB6D

Step 3: Learn to suspend your tool

You should have read the documentation for your selected tool as part of step 1. If you haven't, you really should. One thing to look for is a way to suspend and resume operations. If it doesn't have one, you can suspend and resume it yourself, using kill -STOP <pid> to stop and kill -CONT <pid> to resume. You can also use pkill to do the same thing, but be sure to limit it to your own processes.

Also, you should look at how well it will continue in case the machine is rebooted. You may want to look at creating a cron job that checks to see if it is running (return value from kill -0 <pid>) and restarts it if necessary. Similarly, you might want a cron job to automatically stop it during lab times.

Step 4: Get cracking!

I've obtained permission for us to use the physical machines in the CS labs for this assignment. You should not run your tools on occs, clyde, or other CS computers.

Important restriction: due to the high enrollment in CSCI 150 and 151 this semester, you should be sure your programs are NOT running in either lab between 1-5pm on Monday through Thursday.

Out of respect for other lab users, there are a few things you should do:

  1. Don't leave yourself logged in with the screen locked. Run things in the background and log out. See me if you are unsure how to do this.
  2. Respect the others in the class. Don't try to "get ahead" by rebooting machines and interrupting your fellow students. This isn't a zero-sum game.
  3. Run "niced" so that someone using the console can have a responsive system. Some of the tools will let you configure this, or you can simply tell it to do so from the command line:
    /usr/bin/nice -19 <command>
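
A watchdog of the kind Step 3 describes, which also applies the lab-hours restriction and the niceness from Step 4. This is an added example, not part of the original assignment; the pidfile path, the run-job.sh wrapper and the crontab path are placeholders you would replace with your own.

```shell
#!/bin/sh
# Added example. PIDFILE and JOB_CMD are placeholders (assumptions), not course files.
PIDFILE="${PIDFILE:-$HOME/crack/job.pid}"      # hypothetical pidfile location
JOB_CMD="${JOB_CMD:-$HOME/crack/run-job.sh}"   # hypothetical wrapper that starts your tool

# in_lab_hours DOW HOUR: true Monday-Thursday (1-4), 13:00 through 16:59 (1-5pm).
in_lab_hours() {
    [ "$1" -ge 1 ] && [ "$1" -le 4 ] && [ "$2" -ge 13 ] && [ "$2" -lt 17 ]
}

# job_alive PIDFILE: true if the file holds a numeric pid that kill -0 can signal.
# kill -0 also succeeds for a process suspended with kill -STOP.
# Caveat: after a reboot the pid may have been reused by another of your processes.
job_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# decide DOW HOUR PIDFILE: print the action for this tick (stop, wait, cont, start).
decide() {
    if in_lab_hours "$1" "$2"; then
        if job_alive "$3"; then echo stop; else echo wait; fi
    elif job_alive "$3"; then
        echo cont          # harmless if the job is already running
    else
        echo start         # job died or machine rebooted
    fi
}

tick() {
    hour=$(date +%H); hour=${hour#0}           # drop leading zero ("08" -> "8")
    case $(decide "$(date +%u)" "$hour" "$PIDFILE") in
        stop)  kill -STOP "$(cat "$PIDFILE")" ;;
        cont)  kill -CONT "$(cat "$PIDFILE")" ;;
        start) /usr/bin/nice -n 19 "$JOB_CMD" >/dev/null 2>&1 &
               echo $! > "$PIDFILE" ;;
        wait)  : ;;                            # lab hours and nothing running
    esac
}

# crontab entry (assumed install path):
#   */5 * * * * $HOME/crack/watchdog.sh tick
if [ "${1:-}" = "tick" ]; then tick; fi
```

The restart only helps if your tool can pick up from its saved state, so have the wrapper invoke the tool's own resume option if it has one.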

Keep track of the passwords cracked and the amount of time it took to do it.

Note: I don't expect you to be able to crack all of the passwords in the time allotted.

You should also put your password(s) into the mix. You can use the program ~rhoyle/bin/htpasswd.pl to generate a crypted version of any password.

If you need additional disk space, you can use /scratch which is local to each machine and persists across reboots. However, it does get wiped out during a reinstall, so don't keep anything important here for a long time.

Report

You will be submitting a typed report on your selections and results via Blackboard by the end of the day on Wednesday, 26 September 2018. Include the following information in your report:

  1. What four cracking tools you found and considered, and why you selected the one you did. Include discussion of the features of each.
  2. List where you found the cracking tool, and discuss the potential for malicious tampering that may have taken place.
  3. What dictionaries did you use, and where did you find them? How many total entries were in your final dictionary?
  4. Answer the following questions and show your work:
    1. How many crypts per second was your tool able to perform? (i.e., how many possible passwords could it try)
    2. How long should it take to do one pass through your dictionary?
    3. How long to brute force an 8 character password made from just letters, numbers, and shifted numbers "!@#$%^&*()"?
  5. For file 1 and file 2: What passwords were you able to break? What passwords were still unbroken?
  6. For file 3 and file 4: How many passwords did you crack and how many remained in each? NOTE: Do not list all of these passwords in your submission.
  7. What was the total amount of computation time you used when running your password cracking tool? If you used multiple machines, give the sum.
  8. For file hw01-file01.txt, how much faster would you expect your tool to run if it contained unsalted passwords?
  9. Come up with at least 3 passwords that should be difficult to crack by the tool you used, but still memorable. Be sure to explain this.
  10. Any final comments or suggestions you wish to share with me about this exercise.

Last Modified: September 12, 2018 - Roberto Hoyle
Created by Benjamin Kuperman