PASSWORD GUESSING

2 hours. Can be divided into two 1 hour segments

This exercise teaches students how automated tools crack passwords and demonstrates how easily a password can be cracked. It also teaches students the qualities of hard-to-guess (strong) passwords.

Everyone uses passwords for authentication. They have many advantages - they are often easier to remember than other alternatives, users are familiar with the concept and all servers support them. But they also have many disadvantages. Users create passwords that are easily guessed by automated programs using dictionaries of common words. Users also tend to reuse their passwords on multiple servers, making it possible to compromise one server, guess the passwords and then use them to access other accounts by the same user. This exercise demonstrates the "easily guessed" part of the problem. Students will be asked to use a popular password guessing tool to crack a few commonly used passwords.