Password Security
Luis Bravo, Yekaterina Kharitonova
Univeristy of California, Santa Barbara
Abstract
This assignment explores password security by engaging students in implementing Python functions related to generating secure passwords, enforcing strong password requirements, calculating password combinations, estimating password cracking times, and simulating dictionary attacks. Aimed at CS1 students, it reinforces Python programming skills within the context of cybersecurity, encouraging critical thinking about security implications in the digital age.
Overview
With the increasing reliance on digital platforms, password security has become a critical aspect of protecting personal and organizational data. This assignment is designed for CS1 students to bridge the gap between foundational programming skills and real-world cybersecurity challenges. A unique aspect of this assignment is that students are provided with a GUI application (main.py) built using Tkinter, which allows them to interact with and test their implementations in funcs.py. Students will focus on developing and testing the functions in funcs.py, while the provided main.py serves as a tool to visualize and experiment with their code.
In this assignment, students will:
- Implement functions to generate secure passwords.
- Enforce strong password requirements through validation.
- Calculate the number of possible password combinations.
- Estimate the time required to crack a password using brute-force methods.
- Simulate a dictionary attack to understand common vulnerabilities.
This hands-on approach promotes computational thinking and problem-solving skills while enhancing students' understanding of cybersecurity concepts. It encourages connections between complex topics through practical application, fostering engagement and relevance in the learning process.
Metadata
| Summary |
Exploring password security by implementing functions in Python to generate secure passwords, enforce strong requirements, calculate combinations, estimate cracking times, and simulate dictionary attacks. Students work on funcs.py and use the provided GUI in main.py to test their implementations. |
| Audience |
Most suitable for CS1 courses with students having basic Python knowledge. |
| Topics |
Cybersecurity, Python Programming, Algorithms, Simulations, String Manipulation, and File Handling. |
| Difficulty |
The assignment is designed as a homework or project spanning 1-2 weeks; however, it can be adjusted based on course requirements. |
| Strengths |
- Bridges practical cybersecurity problems with coding to empower interdisciplinary understanding.
- Provides real-world relevance, enhancing engagement and motivation.
- Includes a GUI application to make testing interactive and visually engaging, making the connection more tangible than just having a command-line interface.
- Encourages critical thinking about security implications and best practices, and creates natural opportunities for classroom discussion about password choice, weak password detection, and broader cybersecurity implications.
- Highly adaptable to different course structures and student skill levels.
|
| Weaknesses |
- May introduce advanced concepts challenging for some CS1 students.
- Requires careful scaffolding to ensure students understand cybersecurity principles.
- Potential difficulties in automating grading for code correctness, some parts of the assignment may require manual grading to ensure fair and accurate evaluation.
- Without explicit classroom discussion, a student could complete the assignment purely as a programming exercise without engaging with the cybersecurity concepts (no built-in requirement for students to demonstrate understanding of why their code matters from a security perspective).
|
| Dependencies |
Basic knowledge of Python: variables, data structures, control flows, functions, file I/O, and an introduction to GUI applications. |
| Variants |
- The assignment can be divided into separate modules focusing on specific aspects (e.g., password generation, validation).
- Can be adapted to other programming languages or expanded to include more advanced GUI development.
- Reviewers suggested incorporating explicit engagement with the cybersecurity concepts as part of the requirements: e.g., using real-world use cases of cyber attacks or having a discussion about the strong but easy to remember passwords (see the "Correct Horse Battery Staple" XKCD comic #936 as an example).
- Another reviewer's suggestion was for students to use their completed code through the front-end interface to determine how many different combinations of minimum password length and complexity requirements could be used to achieve a specific time-to-crack threshold (e.g., "Which combinations of requirements ensure that passwords take at least 1 year to crack?"). Tthis would require students to experiment with different parameters, observe the results, and critically analyze the relationships between password characteristics and security. Such tasks would transform passive exposure into active learning and strengthen the assignment's pedagogical contribution.
|
| Materials |
- Assignment handout (DOCX).
funcs.py: The Python file where students implement their functions.main.py: A provided GUI application built with Tkinter for testing and interaction.- Sample dataset of common passwords:
Rockyou.txt.
|
Download Assignment Materials (zip)
Teaching Notes
This assignment offers an opportunity to discuss the importance of cybersecurity and practical steps to protect sensitive information. When teaching this assignment, consider the following:
- Background Information: Provide an introduction to password security, common attack methods, and the consequences of security breaches. For example, the list of common passwords used in this assignment is a result of a data breach.
- GUI Interaction: Demonstrate how the provided
main.py GUI application works and how it interfaces with funcs.py.
- Real-World Examples: Share case studies highlighting the impact of weak passwords to emphasize relevance.
- Incremental Development: Encourage students to develop and test each function individually using the GUI to build confidence.
- Ethical Considerations: Discuss the ethics of cybersecurity, responsible coding practices, and legal implications.
Dependencies
Students should have access to:
- A Python development environment (e.g., IDLE, PyCharm, VSCode).
- The assignment materials, including
funcs.py, main.py, and the assignment handout.
- The
Rockyou.txt file or an alternative list of common passwords for the dictionary attack simulation.
- Python's Tkinter library for GUI applications (usually included by default).
Additional Notes
- Privacy and Security: Ensure students understand not to use actual passwords or personal data during testing.
- Data Files: The
Rockyou.txt file may contain offensive language. Consider providing a sanitized version. The original dataset is available from Kaggle and is 139.9 Mb.
- Grading: Due to variability in code implementation, consider using a combination of automated tests and manual review.
- Technical Support: Provide assistance with running the Tkinter GUI if students are unfamiliar with GUI applications.
- Assignment repo: Any changes or additions to this assignment, or files in other formats (e.g., Markdown instructions) will be added to this repo.
Acknowledgements
This assignment was inspired by the need to integrate practical cybersecurity concepts into introductory programming courses. Special thanks to educators and peers who provided feedback and support during its development.
Thank you to Professor Diba Mirza for helping us collect feedback from students by piloting this assignment!
We also want to express our gratitude to the reviewers who provided thoughtful suggestions on how to enhance this assignment.