# A5 **Deadline:** Friday, 04/15/16, 11:59 pm *This assignment may be done as individuals or with one partner.* ### Problem 1 Rather than enforcing a particular password recipe, some websites will instead indicate to users whether a new password they have chosen is strong or weak. Your task is to program your own password classifier that, given a password, classifies it as either strong or weak. More nuanced classification&mdash;e.g., very strong, strong, weak, very weak&mdash;could be possible, but we're considering only a binary classification here. You may use any heuristics that you want to build your classifier, including those we've covered in class as well as any you might discover by doing independent research. You may not, however, reuse any code or libraries for password classification: all the implementation must be your own. Any particular algorithms that you've identified by independent research must be attributed to their proper inventor in comments in your source code. **Specification:** The executable for your program should be named classify. Your program should read a string from standard input and write back to standard output either the string weak or strong. Here are some example invocations:  $classify 123456 weak$ classify 2984borawQ! strong \$ classify iloveyou weak  **Evaluation:** We will evaluate your classifier by running it against passwords that we have previously classified ourselves. We will generate high-strength passwords, which we will label strong, and low-strength passwords, labeled weak. How will we generate and label them? Based on the [work by Kelley et al.][kelley12] that we discussed in lecture 15. Our high-strength passwords will be generated by recipes that their Figure 1 suggest are hard to crack, and likewise for low-strength passwords. *We are not attempting to be tricky here. Your classification does not need to be 100% identical to ours for you to get full credit on this problem.* [kelley12]: https://www.ece.cmu.edu/~lbauer/papers/2012/oakland2012-guessing.pdf **Implementation:** You may use any programming or scripting language that can be installed on the Ubuntu virtual machine from A4, as long as that language can be installed by apt-get. **Documentation:** Provide a file named README.txt with the following information: * If you use any packages installed by apt-get, then document in the README how the grader can easily install those packages in their own virtual machine. * Document the exact command the grader should type in the virtual machine to run your program. It should not take more than a couple minutes (excepting whatever time apt-get itself consumes) for the grader to follow the installation and execution instructions; if it does, your solution might be penalized. **What to submit:** an archive named classify.zip with your source code, README, and any additional data files your program needs for operation. There will be a CMS-enforced limit of 10 MB on the size of this archive; design your classifier with that constraint in mind. **On wordlists:** It is permissible for your program to perform an initial download of static data files (e.g., wordlists) as part of installation or its first execution. Any wordlists we happen to use in generation will be those we could freely download, not wordlists for which payment is required. So you have no motivation to pay for wordlists. Needless to say, using a download to update your source code itself would be a serious violation of academic integrity. ### Problem 2 Complete this [guided tutorial on building an SSL-secured Java application](SSL.docx). It contains many questions that you should answer inside the Word document itself. Here is the Java source code: [[EchoServer.java](EchoServer.java)] [[EchoClient.java](EchoClient.java)]. Don't worry if you're not an expert Java programmer: every line of code you need is provided for you. **What to submit:** Submit your modified Word document as the solution to this problem. ### Submission If you work with a partner, first form a group on CMS; submit as that group, rather than submitting the same solution independently. Submit the files specified above to [CMS][cms]. [cms]: https://cms.csuglab.cornell.edu/ ### Evaluation You will be evaluated on the quality of your solutions and on your adherence to the submission stipulations above. We'll use the following criteria in evaluating quality: - *Validity:* do you present a logical, lucid, coherent, clearly focused, well structured, and appropriately detailed argument? - *Consistency:* do you employ concepts, principles, and terminology as they are used in this course? - *Evidence:* do you adequately support your conclusions? - *Writing:* do you use proper mechanics, grammar, and style?