{"id":455,"date":"2014-07-04T19:06:43","date_gmt":"2014-07-04T23:06:43","guid":{"rendered":"http:\/\/josephpcohen.com\/cs210-summer2014\/?p=455"},"modified":"2014-07-04T19:06:43","modified_gmt":"2014-07-04T23:06:43","slug":"hw8","status":"publish","type":"post","link":"https:\/\/josephpcohen.com\/teaching\/cs210\/hw8\/","title":{"rendered":"HW8 : Hash Collisions"},"content":{"rendered":"<p>Due: 7\/15\/2014 @5:30pm via users.cs.umb.edu:cs210\/hw8<\/p>\n<p><strong>Purpose:<\/strong><br \/>\nGain experience with hash collisions and secure code<\/p>\n<p>Get the server code here: <a title=\"https:\/\/github.com\/ieee8023\/cs210-summer2014\" href=\"https:\/\/github.com\/ieee8023\/cs210-summer2014\" target=\"_blank\">https:\/\/github.com\/ieee8023\/cs210-summer2014<\/a><\/p>\n<p>For this project you are going to use your knowledge of hash collisions to log into a server. The server is accidentally returning the hash of the password that you need to type in. You can use this knowledge to gain access: you don&#8217;t need to find the password, you only need to find a collision.<\/p>\n<p>1. Connect to the server merb.cs.umb.edu on port 6801 using netcat, nc, ncat, <del datetime=\"2014-07-15T20:06:00+00:00\">or telnet<\/del>. Observe that the developer has left debug on so you can see the password hash. Read the source code provided which details the hash method.<\/p>\n<p>2. Write code (CatCracker.java) to find a string that results in the same hash as the one the server is looking for. Hint: generate strings of letters randomly and check each one using the getCS210Sha1 method. Just copy and paste the method into your code. Don&#8217;t connect to the server to try many words.<\/p>\n<p>3. Write a memo.txt describing any problems you had during this assignment and what you learned. Report the password you found and what the server returned.<\/p>\n<p>Hints: <\/p>\n<p>+ It is ok to find some random string generation code online.
It&#8217;s a valuable skill to know how to use code online to solve a problem.<br \/>\n+ You can find code on the internet to generate random strings of characters<br \/>\n+ Print out the byte array using Arrays.toString() to make sure you are comparing correctly<br \/>\n+ If you cannot find a match then try larger strings<br \/>\n+ Don&#8217;t print to the console when searching. It will slow the search down<br \/>\n+ You should find a collision in about 5 minutes<\/p>\n<pre>$ nc merb.cs.umb.edu 6801\nCATDEBUG: Debug mode is on!\nCATDEBUG: Remember to turn if off or you will leak the password hash!\n=================================\nWelcome to Cat Server 2014\nCats are password protected\n=================================\nPlease enter the password:\ntest\n...........\nCATDEBUG: Input CS210Sha1   : [-87,74,-113]\nCATDEBUG: Password CS210Sha1: [-75,1,-127]\nCATDEBUG: Password mismatch\n<\/pre>\n<p><strong>Grading (total 10 points):<\/strong><\/p>\n<p>Turn in the following files: CatCracker.java<\/p>\n<p>3 points: generate random strings<\/p>\n<p>3 points: loop through different strings trying to find a collision <\/p>\n<p>2 points: found a password that works<\/p>\n<p>2 points: memo.txt, easy to grade.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Due: 7\/15\/2014 @5:30pm via users.cs.umb.edu:cs210\/hw8 Purpose: Gain experience with hash collisions and secure code Get the server code here: https:\/\/github.com\/ieee8023\/cs210-summer2014 For this project you are going to use your knowledge of hash collisions to log into a server.
The server is returning the hash of the password that you need to type in&#8230;  <a href=\"https:\/\/josephpcohen.com\/teaching\/cs210\/hw8\/\" class=\"more-link\" title=\"Read HW8 : Hash Collisions\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/posts\/455"}],"collection":[{"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/comments?post=455"}],"version-history":[{"count":0,"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/posts\/455\/revisions"}],"wp:attachment":[{"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/media?parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/categories?post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/josephpcohen.com\/teaching\/cs210\/wp-json\/wp\/v2\/tags?post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}