R4.C.08/td-passwords-files/skeleton.py

#!/usr/bin/env python3
import time
import sys
from toolbox import *
# Workload knobs: adjust these while working through the exercise.
nblogins = 10  # would be larger in real life
nbpasswords = 1_000_000  # would be larger in real life
# PBKDF2 iteration count, kept very small here (presumably so the lab runs
# quickly). The original note cites 10000 as the recommended value; treat any
# fixed figure as dated. The count is a work factor that, like a key size, has
# to be chosen for the use case and raised as computing power improves.
# Published guidance such as the OWASP Password Storage Cheat Sheet now lists
# values in the hundreds of thousands for PBKDF2-HMAC-SHA256.
nbiterations = 10
############################################
# Part of the script to edit #
############################################
# Hint : you can call decrypt(key,data) to decrypt data using key
def crackencrypted(database):
    """Recover the passwords of the reversibly encrypted store (skeleton).

    As provided, this loads the key and returns each login paired with its
    still-encrypted password; the placeholder in the loop is where the
    exercise is completed.

    The key is fetched with readfile("enckey"), the same helper that loads the
    database files, so it presumably sits in the same workspace as the data it
    protects. That is the point of this stage: encryption is reversible, so a
    leak of store plus key exposes every password at once.

    Args:
        database: iterable of records; record[0] is the login and record[1]
            the encrypted password.

    Returns:
        A list of (login, password) tuples, one per record, in input order.
    """
    # First entry of the key file; unused until the placeholder is filled in.
    key = readfile("enckey")[0]
    recovered = []
    for record in database:
        login, encrypted = record[0], record[1]
        #...
        # The second element should end up holding the cleartext password.
        recovered.append((login, encrypted))
    return recovered
# Hint : - genshahashes(passwords) returns all the hashes of passwords dictionary
# - getpassfromshahash(hashes, hash) returns the password which hashed as "hash" in hashes
def cracksha(database):
    """Recover the passwords of the unsalted SHA store (skeleton).

    As provided, this loads the password dictionary and returns each login
    paired with its stored hash; the placeholders mark where the exercise is
    completed.

    Without a salt, equal passwords produce equal hashes, so a single table
    built from the dictionary serves every account. This is why the first
    placeholder sits outside the loop.

    Args:
        database: iterable of records; record[0] is the login and record[1]
            the hashed password.

    Returns:
        A list of (login, password) tuples, one per record, in input order.
    """
    # nbpasswords is the module-level dictionary size; it is only read here.
    passwords = getPassDict(nbpasswords)  # dictionary of candidate passwords
    #...
    recovered = []
    for record in database:
        login, digest = record[0], record[1]
        #...
        # The second element should end up holding the cleartext password.
        recovered.append((login, digest))
    return recovered
# Hint : salthash(password, salt) returns the salted hash of password
def cracksaltedsha(database):
    """Recover the passwords of the salted SHA store (skeleton).

    As provided, this loads the password dictionary and returns each login
    paired with its stored hash; the placeholder in the loop is where the
    exercise is completed.

    Each record carries its own salt, so a table computed for one account
    cannot be reused for another and the dictionary has to be hashed again per
    record. The salt does not make a single guess more expensive.

    Args:
        database: iterable of records; record[0] is the login, record[1] the
            hashed password and record[2] the salt.

    Returns:
        A list of (login, password) tuples, one per record, in input order.
    """
    # nbpasswords is the module-level dictionary size; it is only read here.
    passwords = getPassDict(nbpasswords)
    recovered = []
    for record in database:
        login, digest = record[0], record[1]
        #...
        # The second element should end up holding the cleartext password.
        recovered.append((login, digest))
    return recovered
# Hint : pbkdf2(password, salt, nbiterations) returns the pbkdf2 of password using salt and nbiterations
def crackpbkdf2(database):
    """Recover the passwords of the PBKDF2 store (skeleton).

    As provided, this loads the password dictionary and returns each login
    paired with its stored hash; the placeholder in the loop is where the
    exercise is completed.

    Every guess has to be run through pbkdf2 with the record's salt and
    iteration count, so the cost per guess grows with that count. The timing
    printed by the main script is therefore only meaningful relative to the
    nbiterations value the workspace was initialised with.

    Args:
        database: iterable of records; record[0] is the login, record[1] the
            hashed password, record[2] the salt and record[3] the iteration
            count.

    Returns:
        A list of (login, password) tuples, one per record, in input order.
    """
    # nbpasswords is the module-level dictionary size; it is only read here.
    passwords = getPassDict(nbpasswords)
    recovered = []
    for record in database:
        login, digest = record[0], record[1]
        #...
        # The second element should end up holding the cleartext password.
        recovered.append((login, digest))
    return recovered
############################################
# Nothing to change after this line ! #
############################################
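if __name__ == '__main__':
    # Driver: for each storage scheme, load the generated database, check that
    # a known login authenticates against it, then time the matching crack*
    # function and print what it recovered.

    # Explicit "init" sub-command: (re)generate the workspace and stop.
    if len(sys.argv) > 1 and sys.argv[1] == "init":
        initworkspace(nblogins, nbpasswords, nbiterations)
        print("Workspace initialized in files/ subdirectory")
        # sys.exit rather than the site-provided exit(): the latter is meant
        # for interactive use and is absent when the site module is not loaded.
        sys.exit(0)

    # Otherwise initialise lazily if the plain database is missing.
    try:
        readfile("plain")
    except FileNotFoundError:
        initworkspace(nblogins, nbpasswords, nbiterations)
        print("Workspace initialized in files/ subdirectory")

    # Plain storage: serves as the reference for every later check.
    print("\n============\nPlain storage:")
    plaindb = readfile("plain")
    print("Plain DB is : " + str(plaindb))
    print("Authenticating with plain DB : " + str(authplain(plaindb[0][0], plaindb[0][1], plaindb)))

    # Encrypted storage.
    print("\n============\nEncrypted storage:")
    encdb = readfile("enc")
    print("Encrypted DB is " + str(encdb))
    # This check uses the second account (index 1), so it needs nblogins >= 2.
    print("Authenticating with encrypted DB : " + str(authencrypted(plaindb[1][0], plaindb[1][1], encdb)))
    # perf_counter is monotonic and high-resolution, so the elapsed time is
    # not distorted by wall-clock adjustments the way time.time() can be.
    started = time.perf_counter()
    crackedenc = crackencrypted(encdb)
    elapsed = time.perf_counter() - started
    print("Time to crack encrypted DB : " + str(elapsed) + " seconds")
    print("Cracked encrypted DB is " + str(crackedenc))

    # Unsalted SHA storage.
    print("\n============\nSHA storage:")
    shadb = readfile("sha")
    print("SHA DB is " + str(shadb))
    print("Authenticating with SHA DB : " + str(authsha(plaindb[0][0], plaindb[0][1], shadb)))
    started = time.perf_counter()
    crackedsha = cracksha(shadb)
    elapsed = time.perf_counter() - started
    print("Time to crack SHA DB : " + str(elapsed) + " seconds")
    print("Cracked SHA DB is " + str(crackedsha))

    # Salted SHA storage.
    print("\n============\nSalted SHA storage:")
    saltedshadb = readfile("saltedsha")
    print("Salted SHA DB is " + str(saltedshadb))
    print("Authenticating with Salted SHA DB : " + str(authsaltedsha(plaindb[0][0], plaindb[0][1], saltedshadb)))
    started = time.perf_counter()
    crackedsaltedsha = cracksaltedsha(saltedshadb)
    elapsed = time.perf_counter() - started
    print("Time to crack salted SHA DB : " + str(elapsed) + " seconds")
    print("Cracked salted SHA DB is " + str(crackedsaltedsha))

    # PBKDF2 storage. The timing depends on the iteration count the workspace
    # was initialised with (nbiterations above).
    print("\n============\nPBKDF2 storage:")
    pbkdf2db = readfile("pbkdf2")
    print("PBKDF2 DB is " + str(pbkdf2db))
    print("Authenticating with PBKDF2 DB : " + str(authpbkdf2(plaindb[0][0], plaindb[0][1], pbkdf2db)))
    started = time.perf_counter()
    crackedpbkdf2 = crackpbkdf2(pbkdf2db)
    elapsed = time.perf_counter() - started
    print("Time to crack PBKDF2 DB : " + str(elapsed) + " seconds")
    print("Cracked PBKDF2 DB is " + str(crackedpbkdf2))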