CS 181S: A5

# A5 **Deadline:** Tuesday, March 26, 2024, 11:59 pm PT *This assignment should be in pairs* The goal of this assignment is to explore factors that impact password strength, to learn how to use password strength-checking tools, and to familiarize yourself with real user-selected passwords. **Underspecification:** Note that the implementation details for this assignment are deliberately underspecified. Beyond the specified requirements, all further details are up to you. Make reasonable choices and be prepared to defend them. ## Getting Started To get started, unzip the starter file [passwords.zip](./passwords.zip) to extract the two password lists. These are aggregated lists of passwords (with frequencies for each password) from two major password breaches: one containing the 32 million passwords leaked from RockYou---a company that developed widgets for social media---in 2010 and the other containing 40,000 passwords leaked from MySpace---an early social media site. ## Part 1: Password Rules Your first task is to infer what restrictions each of the two companies set on password selection. Note that both password lists may include older passwords that haven't been changed nice the current password rules went into effect, so you shouldn't expect 100% compliance with the current password rules. You should conduct a numerical analysis and generation visualization(s) to support your inferrences. ## Part 2: Evaluating Password Strength Your second task is to compare the strength of passwords between the two leaked password databases. To evaluate strength, you should use the [zxcvbn](https://github.com/dropbox/zxcvbn) open-source password strength calculator. Note that while the original tool is implemented in JavaScript, it has been ported to various other languages (linked in the README), so you can do this in the language of your choice. Using this tool, compare the strength of the passwords between teh two leaked password databases and draw conclusions about whether any differences in password rules resulted in differences in password strength. You should conduct a numeric analysis and generation visualization(s) to support your conclusions. ## Part 3: Writeup Write up your conclusions from Part 1 and Part 2, including the results of your numeric analysis and your visualizations. ### Feedback In the interest of improving future iterations of this course, please answer the following questions and upload them in a file called ```feedback.txt```: 1. How long did you spend on this assignment? 2. Any comments or feedback? Things you found interesting? Things you found challenging? Things you found boring? ### What to Submit You should submit the following three files: 1. A zipfile `src.zip` containing your analysis and visualization code from Part 1 and Part 2 along with a README file describing how to run your code. 2. Your writeup from Part 3 `writeup.pdf` 3. Your feedback file `feedback.txt`