cs458 - Information Security - Homework #5

The purpose of this homework is to give you a chance to understand better the strength of various passwords by way of trying the extract plain text passwords from the file that holds the encrypted/hashed version.

Now, why would I want to that, you may ask? Well, there are a number of (good) reasons to do it, in particular if you're a security administrator, such as:

  • Check that user passwords are strong; if they're not, then require users to change their passwords
  • Get access to files on a former employee's computer; please note that this may be the easiest solution even though you're an administrator and, as such, you have full access to one's computer.

Law enforcement's primary need is to be able to gather (forensic) evidence.

Here is what you have to do for this assignment:

  • Download and install a password cracking tool such as John The Ripper.
  • Request from your instructor files to crack. You'll have to work with files from at least two operating systems, chosen from the following:
    • Linux
    • Windows-XP, Windows 7
    • OS-X (10.6+ only)
  • Get started cracking the file. Please keep in mind that some passwords are better than others, which means cracking them will take longer than others; if I were you, I'd reserve a few weeks for the task.

Deliverables

You will prepare a memo that includes a description of your experience using the password cracker, and the specific setup -- including the command line arguments -- you used to crack the password file(s) you received from your instructor. Compare and contrast the ease of cracking between the operating systems you have chosen for your assignment. In addition, rank the passwords you recovered based on how long it took to recover them. Comment on the specific detail that makes some of the passwords faster than others.

Don't forget to mention the version of the software you've used, detail about the computer you used in the process (make, model, CPU speed, main memory, etc.)

Last, but not least, you have to describe how you'd make the entire process. Provide enough detail such that anybody with access to a computer could follow your instructions.

Make sure the memo is very professionally written. No spelling errors. No grammatical errors, etc. If the document is deemed unprofessional, e.g. with grammatical or spelling errors, then it will be assigned a grade of zero.

Not required, however very nice to have, is a list of recommendations for how to make the assignment better, to the possible benefit of future generations.

Last update: Aug 20, 2013 Virgil Bistriceanu cs458 Computer Science

$Id: hw5.html,v 1.1 2013/08/20 17:17:05 virgil Exp $