# A3
**Deadline:** Wednesday, October 31, 2018, 11:59 pm
*This assignment may be done as individuals or with one partner.*
Rather than enforcing a particular password recipe, some websites will
instead indicate to users whether a new password they have
chosen is strong or weak. Your task is to program your own password
classifier that, given a password, classifies it as either strong or
weak. More nuanced classification—e.g., very strong, strong,
weak, very weak—could be possible, but we're considering only a binary
classification here.
You may use any heuristics that you want to build your classifier,
including those we've covered in class as well as any you might discover
by doing independent research. You may not, however, reuse any code or
libraries specifically designed for password classification.
Any particular algorithms that you've identified by
independent research must be attributed to their proper inventor in
comments in your source code.
**Specification:**
The executable for your program should be named `classify`.
Your program should read a string from standard input and write back to
standard output either the string `weak` or `strong`. Here are some
example invocations:
```
$ classify
123456
weak
$ classify
2984borawQ!
strong
$ classify
iloveyou
weak
```
**Evaluation:**
I will evaluate your classifier by running it against passwords that I
have previously classified myself. I will generate high-strength
passwords, which I will label `strong`, and low-strength passwords,
labeled `weak`. How will I generate and label them? Based on the
[work by Kelley et al.][kelley12]. My high-strength passwords will be
generated by recipes that their Figure 1 suggest are hard to crack, and
likewise for low-strength passwords.
You are also required to submit a list of 10 strong passwords and 10 weak
passwords. I will run all submissions against these passwords lists as well,
which will constitute a portion of your grade. Please be reasonable; I will
run your generated passwords through my classifier as well to ensure that
your classification is fair.
* I am not attempting to be tricky here. Your classification does not need
to be 100% identical to mine for you to get full credit on this assignment.*
Your classifier must output exactly the string `weak` or the string `strong`
so that my automated scripts can test your classifier; any other outputs
will be deemed incorrect.
[kelley12]: https://www.ece.cmu.edu/~lbauer/papers/2012/oakland2012-guessing.pdf
**On wordlists:**
It is permissible for your program to perform an initial download of
static data files (e.g., wordlists) as part of installation or its first
execution. Any wordlists we happen to use in generation will be those we
could freely download, not wordlists for which payment is required. So
you have no motivation to pay for wordlists. Needless to say, using a
download to update your source code itself would be a serious violation
of academic integrity.
**Grading environment:**
Grading will be done in the course VM used in A1 or (by request) on a mac image
running OS X 10.13 (High Sierra).
You may use any programming or scripting language that can be installed
on the virtual machine as long as that language can be installed by
`apt-get` (resp homebrew).
**Documentation:**
Provide a file named `README.txt` that documents the exact commands a
grader needs to run to install, configure, and run your program. For
example, if you use any packages installed by `apt-get`, `pip`, or
`brew`, then document in the README the commands that need to be
executed. Your documentation must be sufficiently clear that the I
can get your classifier installed and running within a couple minutes of
active work. Documentation that is unclear may be penalized.
**Feedback:**
Provide a file named `feedback.txt` that answers the usual questions:
1. How long did you spend on this assignment?
2. Any comments or feedback? Things you found interesting? Things you found
challenging? Things you found boring?
**What to submit:** an archive named `classifier.zip` with your source
code, README, and any additional data files your program needs for
operation.
This archive should not be bigger than 10 MB;
design your classifier with that constraint in mind. Also, submit 2 files named
`weak.txt` and `strong.txt` which should contain 10 weak and 10 strong
passwords respectively. Each password should be separated by a newline and the
file must end with a newline as well. Also submit your `feedback.txt`.