Design of a Password Helper APK [WIP]

1 Background

  1. Password hashing
  2. Rainbow Tables
  3. History of Broken Passwords

2 Goals

  1. Help a non-savvy user select a "good" password before she/he uses it somewhere.
  2. Educate the user about password cracking technicalities.
  3. [Bonus] Attract 1000+ downloads on Google Play. Within a month? Word of mouth only?

3 Requirements

Requirements are desired qualities expressed from the perspective of the user. Requirements are almost always written in natural languages, but in a careful, stylized manner. Many of these qualities are checkable only by a "judge and jury". Sometimes, we resort to an "acceptance test" of the delivered product.

  1. The following is way too short to be comprehensive.
  2. Performance Expected: The qualitative subjective rating of a password as being excellent/ very-good/ good/ mediocre/ bad/ terrible should happen "fast" (within a second).
  3. Consistency Expected: For the same tentative password, the subjective rating must not change over a period, unless a compelling reason can be given.

4 Specs

Specs are desired qualities expressed from the perspective of the software developer. Requirements and specs are expected to match. The match is checkable only by a "judge and jury". Specs are written in pseudo-formal languages, close to programming languages. We expect specs to be verifiable.

  1. Performance/ Consistency Expected: Easily translate to testable qualities.
  2. Breadth Expected: At least 10 word lists consulted.
  3. Sophistication: Legitimately takes > 10 CPU-seconds on a cloud computing facility. Can we do better than saying "legitimately"?

5 Design/ Impl

  1. Code must be easy to maintain and enhance.
  2. Deploy most of the techniques learned in this course.

6 APK Internals

  1. Maintain the source code on GitHub.

7 Testing

8 P5 P6 P7

8.1 P5 Task: Analyses of Password Dumps

  1. Design and build an APK that helps an ordinary (non-computer savvy) user with a password that she/he is about to create. For now, this is limited to checking if a (similar) password appears in the password dumps that are public. A "good enough" UI is acceptable. Focus on the behind-the-scenes technical analyses.
  2. Re-read the lecture notes on Passwords. There is a subsection on links to word lists.
  3. Deliverables: Include in the report (i) several (4+) screenshots of the running app, (ii) a status report, (iii) a summary paragraph of your experience with this task, (iv) a definition of "similar" passwords, (v) a description of what "help" an APK such as this (at the level of CEG 3900) can deliver in a future project. Upload to GitHub, due +2 days later: (vi) the source code, and (vii) user and developer documentation.
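
One possible definition of "similar" for the dump check in item 1, given as an added example (not part of the original assignment or any course solution): a candidate is similar to a dump entry when both reduce to the same canonical form. The class name, the substitution table and the sample entries are assumptions constructed for illustration.

```java
import java.util.*;

public class SimilarPasswordCheck {
    enum Verdict { EXACT, SIMILAR, NOT_FOUND }

    // Assumed one-to-one "leet" table: FROM[i] is rewritten to TO[i].
    // Ambiguous digits (1 can stand for i or l) get a single fixed choice.
    private static final String LEET_FROM = "013457@$!";
    private static final String LEET_TO   = "oieastasi";

    private final Set<String> exact = new HashSet<>();
    private final Set<String> canon = new HashSet<>();

    SimilarPasswordCheck(Collection<String> dumpEntries) {
        for (String e : dumpEntries) {
            exact.add(e);
            canon.add(canonical(e));   // index the dump by canonical form once
        }
    }

    /** Lowercase, drop trailing digits/punctuation, undo leet substitutions. */
    static String canonical(String pw) {
        String s = pw.toLowerCase(Locale.ROOT);
        int end = s.length();
        while (end > 0 && !Character.isLetter(s.charAt(end - 1))) end--;
        if (end == 0) return s;        // no letters at all (e.g. "123456"): keep as is
        StringBuilder sb = new StringBuilder(end);
        for (int i = 0; i < end; i++) {
            char c = s.charAt(i);
            int k = LEET_FROM.indexOf(c);
            sb.append(k >= 0 ? LEET_TO.charAt(k) : c);
        }
        return sb.toString();
    }

    /** Deterministic set lookups: the same input always gets the same verdict. */
    Verdict check(String candidate) {
        if (exact.contains(candidate)) return Verdict.EXACT;
        if (canon.contains(canonical(candidate))) return Verdict.SIMILAR;
        return Verdict.NOT_FOUND;
    }

    public static void main(String[] args) {
        // Constructed sample entries standing in for a public word list.
        SimilarPasswordCheck c = new SimilarPasswordCheck(
            Arrays.asList("password", "123456", "letmein", "Dragon1"));
        for (String pw : new String[] {
                "123456", "P@ssw0rd2017!", "dragon", "L3tM31n", "correct horse battery"})
            System.out.println(pw + " -> " + c.check(pw));
    }
}
```

Both lookups are hash-set membership tests, so the rating meets the "within a second" requirement even for large lists, provided the sets are built once at startup or on the back end.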

8.2 P6 Task: Enhance Password-Help Task#5 of P5

  1. Enhance the APK of Task 5 of P5. Recall that it is expected to help a non-computer savvy user with a password choice that she/he is about to deploy. For Task 5 of P5, this was limited to checking if a (similar) password appears in the password dumps that are public.
  2. Enhance to incorporate password strength metrics in a visible way.
  3. Incorporate a Password strength estimator in Java.

8.3 P7 Task: Enhance Password-Helper of P6

  1. This task further develops Android Front-End with Cloud Back-End. All of the above (Task 5 description given in P6) is still applicable. Additionally, enhance it as follows.
  2. Check if the chosen password is crackable via one of the tools.
  3. Actively suggest passwords created from multi-word phrases.

9 Related Work

  1. "Password Helper" is a name with a fairly obvious purpose, but our goals do not seem to be shared by many.
  2. com.compactpasswordgenerator Password Helper by Su Mulang on Google Play. "This is an app that allows you to generate a password randomly so that you don't have to think very hard for a password!"
  3. https://www.drupal.org/project/password_helper For Drupal. A simple module to provide JavaScript-based password generation (helps on admin user creation) by using the following library.
  4. https://code.google.com/archive/p/jquery-easypassgen/ "provides an easy way to generate strong password that is simple to remember. Password may contain characters (without o,i,l), numbers and special characters. It is chainable, but replaces elements html. In other versions it will support input and textarea elements without html replacement."
  5. https://gist.github.com/brainv/30648e34662c8fea9272 Strong Password helper for php / codeigniter
  6. https://www.npmjs.com/package/ng-password-helper
  7. https://www.npmjs.com/package/crypto-password-helper

10 References

  1. Lecture Notes on Passwords
  2. TED Talk on Passwords. Lorrie Faith Cranor, What’s wrong with your pa$$w0rd?, 2014. Video 17 min. Required Watch.

11 End

Copyright © 2017 www.wright.edu/~pmateti • 2017-04-05