Due: March 5 (Tues) 11:59pm. No late assignments will be accepted.
Submit your solution using CMS. Prepare your solution as .pdf, as follows:
Problem 1:
DNA has been suggested as a basis for biometric authentication. Moreover, DNA sequencing technology will someday mature and be quite fast, so it will be feasible to consider its use for authentication of living things.
Will it be sensible, too? Discuss advantages and disadvantages of using DNA for biometric authentication, as compared with

Problem 2:
A technophobe-oriented version of a 2-factor authentication product might implement the "2nd factor" by having a designated phone number where a given person can be contacted.
Here's how technophobe P, visiting WS, might be authenticated.
1. P visits web page WS, which loads that page into the browser.
2. WS learns a login identifier id for P either from a cookie or by having P complete a form that WS displays.
3. WS forwards id to the authentication service.
4. The authentication service calls the designated phone number for P.
5. When the phone is answered, a fresh 4-digit number is vocalized by the authentication service.
6. ????
There are two design options for what P should do (i.e., as step 6) with the 4-digit number that P hears vocalized when P answers the phone:
- P enters the 4-digit number into the phone keypad.
- P enters the 4-digit number into a web page WS provided.
Compare and contrast these design options.

Problem 3:
Rather than enforcing a particular password recipe, some websites indicate to users whether a password they choose is strong or weak.
Your task is to build such a password classifier.
Given a password as input, it should classify that password as either strong or weak.
A more nuanced classification (e.g. very strong, strong, weak, very weak) is possible, but we are only seeking a binary classification here.
Your program, classify.sh, should read a string from standard input.
For each string it reads, your program should write either strong or weak to standard output, according to the strength of the password it just read.
An automated grading script will be used to test your classifier, and this script considers all other outputs as incorrect.
Use any heuristics that you want, including those covered in class and/or those you discover by studying the literature.
Include comments in your source code and the written description you submit to identify the sources for algorithms or ideas your classifier implements.
Here are some example invocations:
$ ./classify.sh 123456
weak
$ ./classify.sh 2984borawQ!
strong
$ ./classify.sh iloveyou
weak

Implementation and Evaluation:
You may provide a setup script setup.sh to perform any initial compilation or configuration needed for your program.
This script may also include an initial download of static data files (e.g. wordlists).
But note that any wordlists we use in generating test cases will be those we could freely download, not wordlists for which payment is required.
So you have no motivation to pay for wordlists.
Needless to say, using a download to update your own source code itself would be a serious violation of academic integrity.
We will evaluate your classifier, in part, by running it against passwords that we have previously classified ourselves.
We will generate high-strength passwords, labeled strong, and low-strength passwords, labeled weak, based on the work by Kelley et al.
Our high-strength passwords will be generated by recipes that their Figure 1 suggests are hard to crack, and likewise for low-strength passwords.

Target Environment:
You may develop your system anywhere.
But we will grade your system by running it on the Linux hosts in UGCLab (ugclinux.cs.cornell.edu; see here for more information).
So use a programming or scripting language available within this environment, and use Linux hosts in UGCLab to test what you will submit.
Programs that do not run on the Linux hosts in UGCLab will receive no credit for executing correctly.

What to submit:
classifier.zip containing:
- setup.sh and classify.sh for preparing and running your classifier respectively.
- README.txt that exactly documents how these scripts install, configure, and run your classifier. This document must be sufficiently clear that we can get your classifier installed and running within a couple of minutes. Instructions that are unclear may be penalized.
- strong.txt and weak.txt that should contain 10 strong and 10 weak passwords, respectively. Each password in these files should be separated by a newline, and the files must end with a newline as well. We will use our classifier to check the passwords in these files (among others), and we may also use these files as input for testing other submissions.
There will be a CMS-enforced limit of 10MB on the size of the archive; design your classifier with this constraint in mind.

Resources:
For a refresher on bash scripting, see these CS 2043 lectures: here and here.
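
An added example of the strong/weak contract that Problem 3 describes for classify.sh; it is not part of the assignment and not the course staff's classifier. The rules (a comprehensive8-style class check, a basic16-style length check, and the small constructed blocklist) are assumptions modelled on password policies studied by Kelley et al., and all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the course's classifier. The heuristics are assumptions
# modelled on the comprehensive8 and basic16 policies studied by Kelley et al.

# Constructed sample blocklist; a real classifier would load a wordlist file.
COMMON_WORDS="password iloveyou qwerty letmein monkey dragon welcome princess"

# Succeeds if string $1 contains a character matching bracket pattern $2.
has() { case $1 in *$2*) return 0 ;; esac; return 1; }

# Number of distinct characters in $1 (ASCII input assumed).
distinct_chars() { printf '%s' "$1" | fold -w1 | sort -u | wc -l | tr -d ' '; }

# Succeeds if the letters of $1, lowercased, spell a blocklisted word,
# so "Password1!" is caught even though it uses all four character classes.
is_common_word() {
    local letters w
    letters=$(printf '%s' "$1" | tr -cd '[:alpha:]' | tr '[:upper:]' '[:lower:]')
    for w in $COMMON_WORDS; do
        [ "$letters" = "$w" ] && return 0
    done
    return 1
}

# Prints exactly "strong" or "weak" for password $1, and nothing else.
classify() {
    local pw="$1" len="${#1}"
    if is_common_word "$pw"; then echo weak; return; fi
    # basic16-style rule: long, and not built from a handful of characters.
    if [ "$len" -ge 16 ] && [ "$(distinct_chars "$pw")" -ge 6 ]; then
        echo strong; return
    fi
    # comprehensive8-style rule: 8+ characters using all four classes.
    if [ "$len" -ge 8 ] && has "$pw" '[[:upper:]]' && has "$pw" '[[:lower:]]' \
        && has "$pw" '[[:digit:]]' && has "$pw" '[[:punct:]]'; then
        echo strong; return
    fi
    echo weak
}

# Classifies each line read from standard input (last line may lack a newline).
classify_stream() {
    local line
    while IFS= read -r line || [ -n "$line" ]; do classify "$line"; done
}

# Argument form, as in the sample invocations; for piped input, source this
# file and call classify_stream instead.
if [ "$#" -gt 0 ]; then classify "$1"; fi
```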