Please Upload A Source Code File For This Assignment. ✓ Solved

Please Upload a source code file for this assignment. Explain

Please upload a source code file for this assignment. Explain your program appropriately using comments in the source code. You are to implement a Dictionary Attack with and without Password Salt program in either C++ or Python.

1. Accept a user password of length N as keyboard input to your program. You can determine your own length N.

2. Compute the hash of the password from step 1. Your hash function H() is simply the checksum.

3. Now you become an attacker and try to find the password of length N. Try every combination of length N password and for each combination, compute the hash and compare to the hash of the password from step 2. Measure execution time.

4. Now let's reinforce our password using the password salt. Accept an arbitrary non-negative integer number as keyboard input to your program.

5. Compute the hash of the concatenated password salt and password from step 4 and step 1.

6. Now you become an attacker and try to find the concatenated password salt and password. Try every combination of an arbitrary non-negative integer number and length N password and for each combination, compute the hash and compare to the hash from step 5. Measure execution time. Your program should have separate functions for the checksum and the two dictionary attacks with and without the password salt by the attacker.

Paper For Above Instructions

In this assignment, we will implement a Dictionary Attack with and without Password Salt, demonstrating how password security can be enhanced through the use of salts and how dictionary attacks are executed. We'll be using Python as our programming language for implementation and will define appropriate functions and logic as required in the task.

Program Overview

The program will consist of several key components:

  • A function to accept user input for the password and the salt value.
  • A checksum function that will act as our hash function to compute the hash of the password.
  • A dictionary attack function without salt that will attempt to guess the password by trying all combinations of input.
  • A dictionary attack function with salt that will also incorporate the password salt into the guessing algorithm.
  • Execution time measurement for both types of attacks.

Implementation Steps

Let's begin by setting the program's basic structure, starting with accepting the user input for password and salt.

def get_user_input():


Accept user input for the password


password = input("Please enter a password: ")


Accept user input for the password salt (an arbitrary non-negative integer)


salt = int(input("Please enter a non-negative integer as password salt: "))


return password, salt

Next, we will create the checksum function that serves as our hash function.

def checksum(input_string):


Simple checksum hash function that sums ASCII values


return sum(ord(char) for char in input_string) % 256  # simple modulus for simplicity

Now, we will create the two dictionary attack functions. The first function will perform the attack without the use of salt.

import itertools


import time


def dictionary_attack_no_salt(target_hash, length):


Attempt to find the password of given length that matches the target hash


start_time = time.time()


characters = 'abcdefghijklmnopqrstuvwxyz'


for password_tuple in itertools.product(characters, repeat=length):


password = ''.join(password_tuple)


if checksum(password) == target_hash:


print(f"Password found: {password}")


print(f"Execution time without salt: {time.time() - start_time} seconds")


return


print("Password not found.")

Next, we will implement the dictionary attack function that considers a password salt.

def dictionary_attack_with_salt(target_hash, password, salt, length):


Attempt to find the password and salt combination


start_time = time.time()


characters = 'abcdefghijklmnopqrstuvwxyz'


for password_tuple in itertools.product(characters, repeat=length):


for salt_value in range(0, 100):  # Checking for a range of salt values


combined_input = f"{salt_value}{password}"


if checksum(combined_input) == target_hash:


print(f"Password and salt found: {''.join(password_tuple)} with salt {salt_value}")


print(f"Execution time with salt: {time.time() - start_time} seconds")


return


print("Password and salt not found.")

Main Execution

Now, we can put everything together in the main section of our program, where we will obtain the user inputs and execute the dictionary attacks.

if __name__ == "__main__":


password, salt = get_user_input()  # Get input from user


target_hash = checksum(password)  # Calculate the hash of the password


print(f"Target hash: {target_hash}")


Perform dictionary attack without salt


dictionary_attack_no_salt(target_hash, len(password))


Perform dictionary attack with salt


dictionary_attack_with_salt(target_hash, password, salt, len(password))

Conclusion

This implementation has shown how a Dictionary Attack works a password with and without using a salt. Passwords without a salt can easily be attacked through brute-force methods, while salted passwords add an additional layer of complexity for an attacker.

Moreover, measuring the execution time for each approach helps us understand the computational limitations and effectiveness of our password protection strategies. These insights can lead to better practices in password management and security enhancements.

References

  • Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
  • Diffie, W., & Landau, S. (2007). Privacy on the Line: The Politics of Wiretapping and Encryption. The MIT Press.
  • Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. Wiley.
  • Hansman, S., & Hunt, R. (2005). A taxonomic approach to network security risks. Computers & Security, 24(1), 4-15.
  • Kahn, D. (1996). The Codebreakers: The Story of Secret Writing. Scribner.
  • Kerckhoffs, A. (1883). La cryptographie militaire. Journal des sciences militaires, 9, 5-38.
  • Pfleeger, C. P., & Pfleeger, S. L. (2007). Security in Computing. Prentice Hall.
  • Rivest, R. L. (1978). Method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
  • Easttom, C. (2018). Computer Security: Principles and Practice. Pearson.
  • Mitnick, K. D., & Simon, W. L. (2002). The Art of Deception: Controlling the Human Element of Security. Wiley.

Related Assignments