In this lab you will learn about passwords and their strength as security access controls. You will have a chance to test your own password and some of your friends' and family members' passwords too.
Tasks and Questions
1. Read background articles on Passwords and their strengths. See links below.
Password Advice from Fidian.com
Passwords from Wikipedia
Dale Swanson Blog Password Advice
2. Part 1 - In the Lab - Apply What you Know at On-line Password Sites
You will try your own passwords at these sites. For each site, report the score or assessment of your password. You do not have to include your password in the report, maybe just the length. Report any statistics produced by the site: difficulty, how long to crack it, etc. Read the Haystack site to understand what they are doing. Also try a couple of made-up passwords and report what the score is for them.
1. Password Strength checker
2. Haystack Idea - Brute Force - from Gibson Research Corp
3. On-line Domain Tools Password Checker
4. Dale Swanson Password Checker
3. Part 2 - At home - Get other people's passwords. Be clever and ask your friends and family for their passwords.
a. You can ask them directly and promise not to use them ... kind of risky. Promise you will report back the security of their favorite passwords. OR .....
b. You can present them with your laptop and get them to type them into at least one of the sites above so they can see the strength of the passwords.
c. Record the results of their/your tests with others' passwords.
4. Questions - Please answer the questions
1. What is the difference between a brute force attack and a dictionary attack?
2. How much does the length affect the password's strength?
3. Was it surprising to see what the Haystack site was presenting with regards to passwords?
4. What are the tradeoffs between completely random passwords and passwords people can recall?
5. What did you learn about the passwords used by you and your friends? Are they strong enough?
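To check the numbers a strength site reports without typing a real password into a web page, the sketch below estimates brute-force search space from length and character classes and contrasts it with the cost of a dictionary lookup. It is an added example, not code from any of the sites above; the character-class sizes, the guess rate of 1e11 per second, and the six-word sample wordlist are assumptions made for illustration.

```python
import string

# Character-class sizes for printable ASCII (assumption: 33 symbols incl. space).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

# Constructed sample wordlist, ordered most-common first (not real breach data).
WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "sunshine"]


def alphabet_size(pw):
    """Sum the sizes of every character class the password draws from."""
    chars = set(pw)
    return sum(size for members, size in CLASSES if chars & members)


def brute_force_space(pw):
    """Count all candidates of length 1..len(pw) over the password's alphabet."""
    a = alphabet_size(pw)
    return sum(a ** n for n in range(1, len(pw) + 1))


def dictionary_guesses(pw, wordlist=WORDLIST):
    """Guesses a dictionary attack needs, or None if the word is not listed."""
    lowered = pw.lower()
    return wordlist.index(lowered) + 1 if lowered in wordlist else None


def assess(pw, guesses_per_second=1e11):
    """Compare worst-case brute-force cost with dictionary cost."""
    space = brute_force_space(pw)
    dict_cost = dictionary_guesses(pw)
    effective = dict_cost if dict_cost is not None else space
    return {
        "alphabet": alphabet_size(pw),
        "brute_force_space": space,
        "dictionary_guesses": dict_cost,
        "seconds_to_exhaust": effective / guesses_per_second,
    }


if __name__ == "__main__":
    for sample in ["sunshine", "xkqvbnzt", "Xk7#vbnz", "Xk7#vbnzQw2!"]:  # constructed
        print(sample, assess(sample))
```

The two eight-letter lowercase samples have the same brute-force search space, but the one that appears in the wordlist falls in a handful of guesses, which is why a score based only on length and character classes can overstate strength.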
Turn in Instructions
1. Answer all the questions above.
2. You can include the answers in an email to me, either in the email text or as an attachment.
3. Also include the report you created for your/others' passwords from Part 1 above.
4. Put CSCD303-Lab1 in the Subject line.