Basic Task – Security

Create a protection domain matrix, access list and capability list for the diagram below.

File4 [RE]
Scores [WE]
Dates [RW]

Scores [E]
Mouse [R]
Screen1 [R]

_{Access-list (Column)}

_{Capability–list (Rows)}

Basic Solution

Advanced Task – Password

Create a salted-hash function in a programming language of your choice that takes a password as a string and produces a salted-hash output. See http://www8.hp.com/uk/en/pdf/HP-PT-AuthServices_tcm_183_1091989.pdf for the definition of hash password by HP.

For your hash you should create a function specific to you that takes the password and creates an output that would be difficult to crack has there are no easy to identify patterns in the password. The more difficult it is to crack the better the mark.

The salt is a random element based on for example the username of the person or when the password was created. The more interesting the salt is and how you apply it to your hash the better the mark.

Please note you should not use any existing hashing functions available to import, it up to you to create an appropriate hash.

Advanced Solution

import random #Used to generate 7 Bytes of salt

import os #Used to generate another 7 bytes of salt

import base64 #Used to encode the bytes returned by urandom into base 64

import string #Used to ensure only numbers and letters are made with SystemRandom

import time #Used to generate the last 2 bytes of salt

def SaltedHash(): #Single function contains multiple others for ease of returning a single salted password+hash

def Hash(Input, Salt): #Hash function takes the user input and generated salt value

NewInput = Input + Salt #Salt is appended onto the password

print(“Password + Salt is:”, NewInput) #Value is printed for demonstration

for item in NewInput: #Hashing the password+salt

Num = ord(item) #Converting each letter in the password to a number

Val = ((1944046 * 2540433 + 660064 ^ Num) % (2 ** 1024)) #generating the hash number

SaltedHash = (Val % (2 ** 1024)) #Generating the hash number

for item in Input: #Hashing the password only for demonstration

Num = ord(item) #Converting each letter in the password to a number

Val = ((1944046 * 2540433 + 660064 ^ Num) % (2 ** 1024)) #generating the hash number

JustHash = (Val % (2 ** 1024)) #generating the hash number

return SaltedHash, JustHash #Return the values of the salted hash+password and salted hash

def Salt(): #Salt function generates a random salt to be used for hashing

SaltCounter = 0 #Sets counter used for looping to 0

MSCounter = 1 #Sets the counter used for generating only two vales to 1

Bytes = “” #Declares Bytes as an empty string

while SaltCounter <=6: #Loops 7 times

Byte = base64.b64encode(os.urandom(1)).decode() #generates a random byte

Byte = Byte [:-3] #Strips the data to hold just the byte

if ((Byte.isalpha()) == True) or (Byte.isdigit()) == True: #If the byte is a letter or number

Bytes = Bytes + Byte #Add the byte to the salt string

SaltCounter += 1 #Increment the loop counter by 1

#If the byte isn’t a letter or number, the loop continues without being incremented

SaltCounter = 0 #Reset the loop counter

while SaltCounter <= 6: #Loops 7 times

Bytes = Bytes + random.SystemRandom().choice(string.hexdigits + string.digits) #Generates a random letter or number

SaltCounter += 1 #Increment the loop counter by 1

SaltCounter = 0 #Reset the loop counter

TimeMS = str(round(time.time() * 1000)) #Get the current time in milliseconds

TimeMS = TimeMS [-2:] #Strip the value to just the last two milliseconds

while SaltCounter < 2: #Loop 2 times

position = str([random.SystemRandom().choice(string.hexdigits + string.digits)for i in range(1)]) #Generate a random digit or letter

position = position [2:] #Strip the value to just be the number or letter

position = position [:-2] #Strip the value to just be the number or letter

if position.isdigit() == True: #When the generated value is a digit

if MSCounter == 1: #For the first time the loop runs

Bytes = Bytes[:int(position)] + TimeMS [0] + Bytes[int(position):] #Add the first byte of the milliseconds value to the random location within the salt

MSCounter += 1 #Increment the number of MS appended counter by 1

SaltCounter += 1 #Increment the loop counter by 1

else:

Bytes = Bytes[:int(position)] + TimeMS [1] + Bytes[int(position):] #Add the second byte of the milliseconds value to the random location within the salt

MSCounter += 1 #Increment the number of MS appended counter by 1

SaltCounter += 1 #Increment the loop counter by 1

#If the position byte isn’t a digit then the loop will try again

return Bytes #Return the randomly generated salt

UserInput = input(“Input your password: “) #Saves password from user as UserInput

SaltValue = Salt() #Calls the salt function and saves the returned salt as SaltValue

print(“Random salt is:”, SaltValue) #Prints the randomly generated salt

HashedValues = Hash(UserInput, SaltValue) #Calls the hashing function with the user input and salt value and saves the returned values as HashedValues

SaltedHash = HashedValues[0] #Takes the first value returned by the Hash function and saves it as SaltedHash

JustHash = HashedValues[1] #takes the second value returned by the Hash function and saves it as JustHash

print(“Hash of password is:”, JustHash) #Prints the hash of the password alone

print(“Hash of password + salt is:”, SaltedHash) #Prints the hash of password+salt

return SaltedHash #Returns the value of the hashed password+salt

print(SaltedHash()) #Calls the multiple functions with one call and prints the returned hashed password+salt

Lab Evidence

Protection domain matrix, access list and capability list.

Commented code and output showing your salted- hash function working.

Description of the salted-hash function indicating why you feel it is difficult to crack.