Problem 1: Cracking Passwords without Salt.  Insecuratics has just started a webmail service and has decided to store the hashes of user passwords in their database. Specifcally, when a user enters a password, it is hashed once using the SHA-1 hash function and compared to the hash value stored in the database. If the values match, the user is allowed access. No salting is used. Unfortunately, a hacker recently gained access to the database and posted some of the hashed passwords online. Use the file sha1hashes-sp13.txt containing hashes for 12 passwords. See how many you can crack. Put your answers and a detailed explanation of what you did to nd them in a textfile called prob1.txt. If you use any scripts,you must also attach those scripts. You will get 1 point for each password that you crack, with a maximum of 10 points possible. Important: you cannot just supply the passwords; you will not receive credit unless you provide explanations and any scripts you use.

Problem 2: Cracking Passwords with Salt on Linux.  Recently, an associate of yours got access to an Ubuntu Linux server. You  suspect users of this system (UST students) have a strong tendency to use the same passwords for everything (including their online banking). Thus, if you can crack their login passwords, then you can probably also steal money from their bank accounts. Because your  associate had physical access, he was easily able to obtain the /etc/shadow file. The file, renamed to shadow-sp13.txt, is available to you. Your task is to crack as many of the passwords as you can. Submit a file prob2.txt with the username, the cracked passwords, and a detailed explanation of how you found the passwords. Additionally, you should attach any scripts you used. You can use any means to find the passwords (other than copying from other students/groups). Each cracked password is worth one point, with a max of ten points possible. You will want to use the mkpasswd program and likely will want to use a bash script. Important: as in Problem 1, you need to explain how you cracked the passwords and attach any scripts you used to receive credit.

Problem 3: Timing Attacks and Password Entry. Your professor has posted (provided you with) an executable file badpass-sp13 that, when run, asks for a password. There is one correct eight character password consisting of all numbers (0 through 9). It is your job to find the password. To do this, you'll have to exploit the fact that the program is vulnerable to a timing attack. Professor Yilek is not releasing the C source code used to generate badpass, but he has revealed that the password checking routine looks something like this:

while (more characters to check)
{

if (next character of guess != next character of password)
{
break;
}
do some other stuff
}

You should submit a file prob3.txt with the password and a description of what you did to find it.

Problem 4: Bad Random Number Generation.  Instead of using bits from /dev/random or even /dev/urandom, the good people at Insecuratics have invented their own ways of generating random bit strings for use in cryptographic tools. To generate an AES key and IV to be used in aes-128-cbc, they are proposing two methods. You should break each method. You should submit a text file prob4.txt with your answers and also descriptions of the methods you used. You must also attach any bash scripts you write to solve the problem.

4.1. (Hash Process IDs.) To generate the key,

$ ps | grep "ps" | awk '{print $1,1}' | openssl dgst -sha256 -hex | head -c 32

and to generate the IV,

$ ps | grep "ps" | awk '{print $1,2}' | openssl dgst -sha256 -hex | head -c 32

Download the ciphertext prob4pidenc.txt encrypted with this method. The IV that resulted from the above was  b9a907f715e45cfe5d47b08662affa17. Your job is to find the key and the famous book the plaintext is from. You may want to read about awk, as well as Unix process IDs (PIDs). Specifically, you'll want to learn what values PIDs can take on. As stated above, put your answer and a detailed description of what you did in a file prob4.txt.

4.2. (Hash result of date command.) To generate the key,

$ date | openssl dgst -sha256 -hex | head -c 32

and then repeat immediately to generate the IV. Download the ciphertext prob4dateenc.txt encrypted with this method. The IV that resulted from the above was d0ce6f467761cabc11eae59a2f34a8a1.Your job is to find the key and the famous book the plaintext comes from. As above, put your answer and a description of your method in a file prob4.txt .

Hint: Just from the above information it should be possible to break the encryption in a reasonable amount of time. However, you can break it even faster by taking into account that for both methods Professor Yilek started up the the class Debian image and generated the key and IV soon after. It might also be useful to know that he usually works on creating assignments in the evenings on the last couple of days before posting the assignment. Also, check out the -d option of date.