# A3 **Deadline:** Wednesday, October 31, 2018, 11:59 pm *This assignment may be done as individuals or with one partner.* Rather than enforcing a particular password recipe, some websites will instead indicate to users whether a new password they have chosen is strong or weak. Your task is to program your own password classifier that, given a password, classifies it as either strong or weak. More nuanced classification—e.g., very strong, strong, weak, very weak—could be possible, but we're considering only a binary classification here. You may use any heuristics that you want to build your classifier, including those we've covered in class as well as any you might discover by doing independent research. You may not, however, reuse any code or libraries specifically designed for password classification. Any particular algorithms that you've identified by independent research must be attributed to their proper inventor in comments in your source code. **Specification:** The executable for your program should be named `classify`. Your program should read a string from standard input and write back to standard output either the string `weak` or `strong`. Here are some example invocations: ``` $ classify 123456 weak $ classify 2984borawQ! strong $ classify iloveyou weak ``` **Evaluation:** I will evaluate your classifier by running it against passwords that I have previously classified myself. I will generate high-strength passwords, which I will label `strong`, and low-strength passwords, labeled `weak`. How will I generate and label them? Based on the [work by Kelley et al.][kelley12]. My high-strength passwords will be generated by recipes that their Figure 1 suggest are hard to crack, and likewise for low-strength passwords. You are also required to submit a list of 10 strong passwords and 10 weak passwords. I will run all submissions against these passwords lists as well, which will constitute a portion of your grade. Please be reasonable; I will run your generated passwords through my classifier as well to ensure that your classification is fair. * I am not attempting to be tricky here. Your classification does not need to be 100% identical to mine for you to get full credit on this assignment.* Your classifier must output exactly the string `weak` or the string `strong` so that my automated scripts can test your classifier; any other outputs will be deemed incorrect. [kelley12]: https://www.ece.cmu.edu/~lbauer/papers/2012/oakland2012-guessing.pdf **On wordlists:** It is permissible for your program to perform an initial download of static data files (e.g., wordlists) as part of installation or its first execution. Any wordlists we happen to use in generation will be those we could freely download, not wordlists for which payment is required. So you have no motivation to pay for wordlists. Needless to say, using a download to update your source code itself would be a serious violation of academic integrity. **Grading environment:** Grading will be done in the course VM used in A1 or (by request) on a mac image running OS X 10.13 (High Sierra). You may use any programming or scripting language that can be installed on the virtual machine as long as that language can be installed by `apt-get` (resp homebrew). **Documentation:** Provide a file named `README.txt` that documents the exact commands a grader needs to run to install, configure, and run your program. For example, if you use any packages installed by `apt-get`, `pip`, or `brew`, then document in the README the commands that need to be executed. Your documentation must be sufficiently clear that the I can get your classifier installed and running within a couple minutes of active work. Documentation that is unclear may be penalized. **Feedback:** Provide a file named `feedback.txt` that answers the usual questions: 1. How long did you spend on this assignment? 2. Any comments or feedback? Things you found interesting? Things you found challenging? Things you found boring? **What to submit:** an archive named `classifier.zip` with your source code, README, and any additional data files your program needs for operation. This archive should not be bigger than 10 MB; design your classifier with that constraint in mind. Also, submit 2 files named `weak.txt` and `strong.txt` which should contain 10 weak and 10 strong passwords respectively. Each password should be separated by a newline and the file must end with a newline as well. Also submit your `feedback.txt`.