Info Security

Please find pdf for the question. 

1

CSCI351 Assignment

2

Due by: 11:59PM on February 19, 2021 (Friday)

Instruction:

• Submit (1) a source program file (e.g., password.py) and (2) a PDF document
containing the plaintext password found, the number of words tested, and the
screenshot capturing the program run and the password found, and the source
code (copied from the source program file)

• Make sure you submitted the intended one. It is recommended that you download
what has been uploaded and double-check if the correct document has been
submitted.

• You can submit as many times as you want, but the last submission will only be
graded. If the last submission is made after the deadline, there will be a late
submission penalty.

• No plagiarism: Do not copy and paste any from textbooks and other resources to
answer questions (Zero points will be given otherwise).

• No resubmission/extension request will be accepted.

Programming: Password Brute-force Attack (50 pt.)

Write a program that performs the brute-force attack to break the password. The following
table shows encrypted passwords using the crypt() function. Your mission is to break the
password corresponding your CWID in the table. For example, the last digit of your CWID
is 1, then you should identify the password for indBOW06MoVz6.

Last digit of CWID Encrypted password
1 indBOW06MoVz6
2 in79RsnfG/VWo
3 inbqJM0dLgWvo
4 incT1ji3YqQ/Y
5 in7haMV00ylgk
6 in1U0tb9WpIcI
7 inPlXS.yNKivQ
8 inqidvfWapJp2
9 injY7hdQJTeu2
0 inQW.HgtuEe.M

Crypt() is a function to check UNIX/LINUX passwords, and the encrypted passwords
above are encoded by the standard crypt() function. Hence, you should use the crypt()
function to break the password. The crypt() function takes two input parameters and
returns the encrypted password, as follows:

Input parameters:

• Password (plaintext): string

• Salt: string

Output:

• Encrypted password: string

2

The password length is six and the salt is set to ‘infosec’ (without using the quotation
mark). For the brute-force attack, you should try 6-character lower case letters of alphabet
from ‘aaaaaa’, ‘aaaaab’, ‘aaaaac’, …, to ‘zzzzzz’, with the salt. Report the original plaintext
password by breaking the encrypted password (one based on your CWID). Also report
how many words you tested to find the original password.

It is recommended to write a program using either Python or C/C++. While there are
numerous resources for referencing crypt(), the following shows just two of them (but you
can refer to any other helpful resources).

• Python: https://docs.python.org/3/library/crypt.html

• C: https://man7.org/linux/man-pages/man3/crypt.3.html

Finally, submit the following:

• Screenshot showing the program running, the key found, and the number of
words tested: 30 pt.

• Source code in the document: 10 pt.
• Source programming file (must be compilable and executable): 10 pt.

https://docs.python.org/3/library/crypt.html

https://man7.org/linux/man-pages/man3/crypt.3.html