Question on Conducting: Password Security: How easily can your password be hacked?

[Chung360]

First of all, I chose this experiment for a long term science experiment that I would conduct in a class called S.I.T.E.S. From what I got reading the procedures, you must get a list of passwords, and put it into any method you'd like to use. I plan on using Method 2, with the number wheel. I use a mac, and have already downloaded the Python software, and took the crack.py and clicked run. The thing is, I don't know what to do after that. Should I insert the passwords into a little space? Or should I take the thing that says "password0 = """ and insert my passwords into that? I would say that I'm a novice in Python, and computer programming in general. If someone could help me out on this, it would be great. Thank you.

[HowardE]

Hi Chung360-

The program as provided will take any *one* password and try that against all of the provided methods until one method finds a match, all methods fail, or you have to stop the computer and use it for something else. It isn't set up to process a list of passwords at all. That is a cool idea and maybe that's the first modification you could make to the program. Python loves working with lists of things.

The point of the project is not really to see how long it takes to guess a particular password, but rather to see what kinds of passwords are especially hard to guess. We're hoping that after studying and playing with this for a while you'll be good at picking secure passwords for your own accounts.

If you wanted to try a bunch of them and only use method 2, I'd suggest starting by looking around line 376 for

Code: Select all

    # This is a place for you to set a password of your own
    password0 = "314"

and replacing the 314 with the password you want to test against. Just below that is the section where it tries a bunch of methods, one after another. You'd want to put comments in to stop the program from trying the methods you don't care about. In this snippet, I put a double "##" in front of the lines that are involved with methods other than 2. You could also just delete the lines if that's easier.

Code: Select all

    # Look through our list of common passwords first
##    if not foundit:
##        foundit = search_method_3("passwords.txt")
    # Still looking? Let's combine the common passwords 2 at a time
##    if not foundit:
##        foundit = search_method_4("passwords.txt")
    # Still looking? See if it's a single digit
##    if not foundit:
##        foundit = search_method_1(1)
    # Still looking? See if it's a 2 digit number
##    if not foundit:
##        foundit = search_method_1(2)
    # Still looking? See if it's a 3 digit number
##    if not foundit:
##        foundit = search_method_1(3)
    # Still looking? See if it's a 4 digit number
##    if not foundit:
##        foundit = search_method_1(4)
    # Still looking? Use our rotary wheel simulation up to 6 wheels.
    # This should take care of any 5 digit number as well as letter
    # combinations up to 6 characters
    if not foundit:
        foundit = search_method_2(6)
    # Still looking? Try 7 digit numbers
##    if not foundit:
##        foundit = search_method_1(7)
    # Still looking? Try 8 digit numbers
##    if not foundit:
##        foundit = search_method_1(8)

If you remove the code, it turns into this:

Code: Select all

    print("Trying to guess password "+str(which_password))
    # Still looking? Use our rotary wheel simulation up to 6 wheels.
    # This should take care of any 5 digit number as well as letter
    # combinations up to 6 characters
    if not foundit:
        foundit = search_method_2(6)
    seconds = time.time()-overallstart

Whether you delete code or comment it out, when you run it will just do the one method and report the findings. Your addition of giving it a list of passwords is a nice idea. That would let you start up a bunch of searches and just leave the computer alone to do all the hard work. Cool.

Howard