# A5
**Deadline:** Tuesday, March 26, 2024, 11:59 pm PT
*This assignment should be in pairs*
The goal of this assignment is to explore factors that impact password
strength, to learn how to use password strength-checking tools, and
to familiarize yourself with real user-selected passwords.
**Underspecification:** Note that the implementation details for this assignment
are deliberately underspecified. Beyond the specified requirements, all further
details are up to you. Make reasonable choices and be prepared to defend them.
## Getting Started
To get started, unzip the starter file [passwords.zip](./passwords.zip) to extract the two
password lists. These are aggregated lists of passwords (with frequencies for
each password) from two major password breaches: one containing the 32 million
passwords leaked from RockYou---a company that developed widgets
for social media---in 2010 and the other containing 40,000 passwords leaked
from MySpace---an early social media site.
## Part 1: Password Rules
Your first task is to infer what restrictions each of the two companies set on
password selection. Note that both password lists may include older
passwords that haven't been changed nice the current password rules went into
effect, so you shouldn't expect 100% compliance with the current password
rules. You should conduct a numerical analysis and generation visualization(s)
to support your inferrences.
## Part 2: Evaluating Password Strength
Your second task is to compare the strength of passwords between the two
leaked password databases. To evaluate strength, you should use the [zxcvbn](https://github.com/dropbox/zxcvbn)
open-source password strength calculator. Note that while the original tool
is implemented in JavaScript, it has been ported to various other languages
(linked in the README), so you can do this in the language of your choice.
Using this tool, compare the strength of the passwords between teh two leaked
password databases and draw conclusions about whether any differences in
password rules resulted in differences in password strength. You should conduct
a numeric analysis and generation visualization(s) to support your conclusions.
## Part 3: Writeup
Write up your conclusions from Part 1 and Part 2, including the results of your
numeric analysis and your visualizations.
### Feedback
In the interest of improving future iterations of this course, please answer
the following questions and upload them in a file called ```feedback.txt```:
1. How long did you spend on this assignment?
2. Any comments or feedback? Things you found interesting? Things you found
challenging? Things you found boring?
### What to Submit
You should submit the following three files:
1. A zipfile `src.zip` containing your analysis and visualization code from
Part 1 and Part 2 along with a README file describing how to run your code.
2. Your writeup from Part 3 `writeup.pdf`
3. Your feedback file `feedback.txt`