Type of assignment: This is an individual assignment. You are welcome to discuss the assignment with others and consult others but your should solve the problems in this assignment yourself. You are also welcome to use any tools and means to crack the passwords.

Note: The assignment submission should clearly student name, and student number on the first page.

Points: The maximum number of points for this assignment is 32, which will be prorated accordingly after all assignments are posted. Weight of each problem is in parenthesis.

Format:

1. Assignment submissions are accepted in the following formats only: HTML (extension .html), PDF (.pdf), ASCII text (.txt). Assignments submitted in any other format will be discarded. All text in the assignment submissions must be typed and figures plotted to be easy to read and understood. Spelling, grammar, and other language errors will result in fewer points credited to the corresponding problem solutions.

What should be provided in your answer:

In your answer, (1) detail the methods and tools you used to extract your password, and (2) for each of the password files:

1. Provide the passwords associated with your student ID, write how long (in CPU time) it took you to find the password.
2. Compute simple entropy of the password (i.e., "the uncertainty in the value of a password") using the following formula e = log2(b**l). Simple entropy of passwords is conventionally expressed in bits. If a password of k bits is chosen at random there are 2**k possible values and the password is said to have k bits of entropy. If a password of length l characters is chosen at random from an alphabet of b characters (for example the 94 printable ISO characters on a typical keyboard) then the entropy of the password is b**l (for example if a password composed of 8 characters from the alphabet of 94 printable ISO characters the entropy is 94**8 ≈ 6.09 x 1015 – this is about 2**52, so such a password is said to have about 52 bits of entropy).

Problems

Find out your passwords from the following password files.

1. (2 points) Passwords in this file are similar to what is used for debit and credit cards or for locking phones. They are all 4 digits. This passwords simulate actual PINs used by people in real applications.

2. (3 points) Passwords in this file are also 4 digits long but they random, simulating "strong" PINs chosen by security-concious users.

3. (5 points) Passwords in this file are also 4 characters long but they can have letters, digits, and special characters (!@#$).

4. (4 points) Passwords in this file are 6 characters long and they can have only digits, simulating "long" PINs.

5. (6 points) Passwords in this file are 6 characters long and they can have both letters and digits.

6. (12 points) Passwords in this file comply with UBC CWL password policy. For your convinience, here's the requirements for the CWL password: