# A5
**Deadline:** Friday, 04/15/16, 11:59 pm
*This assignment may be done as individuals or with one partner.*
### Problem 1
Rather than enforcing a particular password recipe, some websites will
instead indicate to users whether a new password they have
chosen is strong or weak. Your task is to program your own password
classifier that, given a password, classifies it as either strong or
weak. More nuanced classification—e.g., very strong, strong,
weak, very weak—could be possible, but we're considering only a binary
classification here.
You may use any heuristics that you want to build your classifier,
including those we've covered in class as well as any you might discover
by doing independent research. You may not, however, reuse any code or
libraries for password classification: all the implementation must be
your own. Any particular algorithms that you've identified by
independent research must be attributed to their proper inventor in
comments in your source code.
**Specification:**
The executable for your program should be named `classify`.
Your program should read a string from standard input and write back to
standard output either the string `weak` or `strong`. Here are some
example invocations:
```
$ classify
123456
weak
$ classify
2984borawQ!
strong
$ classify
iloveyou
weak
```
**Evaluation:**
We will evaluate your classifier by running it against passwords that we
have previously classified ourselves. We will generate high-strength
passwords, which we will label `strong`, and low-strength passwords,
labeled `weak`. How will we generate and label them? Based on the
[work by Kelley et al.][kelley12] that we discussed in lecture 15. Our
high-strength passwords will be generated by recipes that their Figure 1
suggest are hard to crack, and likewise for low-strength passwords. *We
are not attempting to be tricky here. Your classification does not need
to be 100% identical to ours for you to get full credit on this problem.*
[kelley12]: https://www.ece.cmu.edu/~lbauer/papers/2012/oakland2012-guessing.pdf
**Implementation:**
You may use any programming or scripting language that can be installed
on the Ubuntu virtual machine from A4, as long as that language can be
installed by `apt-get`.
**Documentation:**
Provide a file named README.txt with the following information:
* If you use any packages installed by `apt-get`, then document in the
README how the grader can easily install those packages in their own
virtual machine.
* Document the exact command the grader should type in the
virtual machine to run your program.
It should not take more than a couple minutes (excepting whatever time
`apt-get` itself consumes) for the grader to follow the installation and
execution instructions; if it does, your solution might be penalized.
**What to submit:** an archive named `classify.zip` with your source
code, README, and any additional data files your program needs for operation.
There will be a CMS-enforced limit of 10 MB on the size of this archive;
design your classifier with that constraint in mind.
**On wordlists:**
It is permissible for your program to perform an initial download of
static data files (e.g., wordlists) as part of installation or its first
execution. Any wordlists we happen to use in generation will be those we
could freely download, not wordlists for which payment is required. So
you have no motivation to pay for wordlists. Needless to say, using a
download to update your source code itself would be a serious violation
of academic integrity.
### Problem 2
Complete this [guided tutorial on building an SSL-secured Java application](SSL.docx).
It contains many questions that you should answer inside the Word document itself.
Here is the Java source code:
[[EchoServer.java](EchoServer.java)]
[[EchoClient.java](EchoClient.java)].
Don't worry if you're not an expert Java programmer: every line of code you need
is provided for you.
**What to submit:** Submit your modified Word document as the solution to this problem.
### Submission
If you work with a partner, first form a group on CMS; submit as that group,
rather than submitting the same solution independently.
Submit the files specified above to [CMS][cms].
[cms]: https://cms.csuglab.cornell.edu/
### Evaluation
You will be evaluated on the quality of your solutions and on your
adherence to the submission stipulations above. We'll use the following
criteria in evaluating quality:
- *Validity:* do you present a logical, lucid, coherent, clearly
focused, well structured, and appropriately detailed argument?
- *Consistency:* do you employ concepts, principles, and terminology
as they are used in this course?
- *Evidence:* do you adequately support your conclusions?
- *Writing:* do you use proper mechanics, grammar, and style?