May you make simple presentation just 3 or 4 slide about what you did in project. Also, the writing part make it (As plural), because it’s group work.
20191017164015project_1_spring_2020.docx
20191027030253dictionary_attack__2_.docx
Unformatted Attachment Preview
CPIT 425 – Oct, 2020
Suggested Project No 2
Title: Dictionary Attack
Beginning date: Today.
Deadline: End of week 13.
Individual work.
Project description:
The problem is when someone wants to know the
Password of a secured thing like a Wi-Fi and has found
the hash and salt in any kind of way the password can be
Cracked and find the password.
Discussion:
In cryptanalysis and computer security, a dictionary attack
is a technique for defeating a cipher or authentication
mechanism by trying to determine its decryption key or
passphrase by trying hundreds or sometimes millions of
likely possibilities, such as words in a dictionary, A
dictionary attack is a method of breaking into a passwordprotected computer or server by systematically entering
every word in a dictionary as a password. A dictionary
attack can also be used in an attempt to find the key
necessary to decrypt an encrypted message or document.
Dictionary attacks work because many computer users and
businesses insist on using ordinary words as passwords.
Dictionary attacks are rarely successful against systems
that employ multiple-word phrases, and unsuccessful
against systems that employ random combinations of
uppercase and lowercase letters mixed up with numerals.
Deliverables:
The student must deliver a working program according to
the required functionality. In particular the user should be
able to brows and select his/her file for encryption and/or
decryption using either stream or block cipher.
In addition, the student must deliver a report containing
the following:
1. All object-oriented diagrams for designing the
described system.
2. Description of the obtained block cipher application
showing how to use it.
3. An implementation of the designed Dictionary Attack
system using suitable programming language.
4. Testing and documentation of sample cases for both
stream and block cipher.
Good Work
Introduction
When it comes to securing accounts and computer systems, people are predictable with the sort of
passwords they are likely to use. They mostly pick dictionary related phrases and words with they
can easily remember. In most cases, such a security threat is exploited via a technique called
dictionary attack. Frequently used words as well as numbers and symbols are highly prioritized in
dictionary attack mechanisms. However, the success rate for dictionary attacks is low for systems
that enforce the use of a combination of numbers, symbols, and words for passwords.
Background information
A dictionary attack, thus, can be defined as a technique that is used in an attempt to break into a
password protected systems through finding the necessary key to decrypt an encrypted phrase or
word. For his project, a hashing technique is applied in performing dictionary attack via application
of various hash functions. Hash functions take a key, which a group of characters, and then map
them to a value of a specified length, known as hash value. Since it is easier to find a shorter hash
value than a string, hashing is used for locating and indexing items within a database (Dang, 2015).
A mathematical algorithm that map string to a fixed size of bits of strings, known as cryptographic
hash function is designed to a function that is infeasible to reverse. Trying a combination of a large
number of possible inputs to check if they output a possible match is an ideal way to recreate input
data from a cryptographic hash function (Rogaway & Shrimpton, 2014).
Features of a cryptographic hash function
First, Hash functions value outputs are unique. A minor alteration, a word or phrase, leads to
change in the hash value that is different from the hash value of the original word or phrase.
Second, Hash value Computation for any given form of a word or phrase is quick. Third, it is
nearly impossible to generate a message from its hash value except for trying all possible messages.
Fourth, hash values are unique. It is impossible to find two different phrases or words with the
same hash value (Rogaway & Shrimpton, 2014).
The applications of the hash function
Hash functions are used in password verification. Storing user passwords into a human-readable
text lead to security threats in case the file congaing the password is accessed by a malicious
person, a black hat hacker. Thus, to minimize such security threat converting each password into
hash values. The user is authenticated when the password provided is hashed and compared to the
one that is stored in the password file or database.
Also, hash functions are used in integrity verification. Since a slight alteration of the original text
leads to a change in the hash values, hash functions are used to ensure that no changes have been
made to the original files and messages. This is done, ensuring that the hash value for the source
is the same as the hash value for the destination (Belenkiy, Acar, Jerez& Kupcu,2018).
The objective of the project
The primary purpose of this project is to get a password if we have the hash value for the password.
Thus, this is possible in two ways. First, we can crack a password whose hash value is known
through computing the password from its hash value. Even though hash functions are generally
irreversible, hash values for weak and dictionary related passwords can be reversed (Todorov,
2014).
For example, MD5 is a 128-bit hash, and it maps any string, no matter how long, into 128 bits. If
you run all strings of length, say, 129 bits, some of them have to hash to the same value. Thus, it
is practically possible to reverse a hash when having some context. It is possible to know the exact
word or phrase that was hashed to generate a certain value in the context of weak and short
passwords that are dictionary related. For instance, we can consider a weak password like
“account” then run it through a bit of Python to compute its MD5 hash
>>> import hashlib
>>> def foo(x):
print(hashlib.md5(x.encode(‘utf-8’)).hexdigest())
>>> foo(“password”)
e268443e43d93dab7ebef303bbe9642f
When you search for the hash value via google, it will show that it hash value for the phrase
“account.”
Second, we can crack a password whose hash value is known through computing the hash value
for a broad set of defined passwords, then compare the original hash value with the new one for
each password. The problem with this method is that it can take longer to find a long-phrase of a
password.
Elucidation for the solution
For this project, a dictionary attack technique used whereby a large file that contains hundreds of
thousands of possible dictionary related passwords is used to compute the hash values for the
passwords, then compare it with the original one. The drawback of this approach is that it is
mathematically insufficient.
Steps:
1. Run the program
2. Check if the python version is 3 and above
3. Enter the hash value
4. Access the wordlist file to get a password
5. Compute the hash value for the password
6. Match the entered hash value with the computed hash value.
7. If there is a match, the password is found, and if not match, the password has not been
found. You can exit the systems or try other hash values for different passwords. The
attack succeeds if the password is found and fails if the password is not found.
Process flow diagram for the program
Code for the program
Sample output
Conclusion
Weak and short passwords expose systems to security threats, and there are various techniques
that are used to exploit the vulnerability of this system related to weak passwords, among which
dictionary attack that is commonly used is. The hash functions strong and nearly impossible to
reverse. However, reversing hash functions for common and dictionary words and phrases as
possible, which a system security threat. For a successful dictionary attack, there must a match
between the entered hash values with the computed hash value.
References
Belenkiy, M., Acar, T., Jerez, H. N., & Kupcu, A. (2018). U.S. Patent Application No. 10/027,631.
Dang, Q. H. (2015). Secure hash standard (No. Federal Inf. Process. Stds. (NIST FIPS)-180-4).
Rogaway, P., & Shrimpton, T. (2014, February). Cryptographic hash-function basics: Definitions,
implications, and separations for preimage resistance, second preimage resistance, and
collision resistance. International workshop on fast software encryption (pp. 371-388).
Springer, Berlin, Heidelberg.
Todorov, A. (2014). U.S. Patent No. 8,640,212. Washington, DC: U.S. Patent and Trademark
Office.

Purchase answer to see full
attachment

Are you having trouble with the above assignment or one similar?

To date, 239 students have ordered this same assignment from us and received 100% original work. We can do the same for you!

We offers 100% original papers that are written from scratch.We also have a team of editors who check each paper for plagiarism before it is sent to you.

Click this “order now” button to see free Cost Breakdown!