exercise.md

Create a simple authentication system

an alternative to the hopelessly boring hello world examples for an introduction to git

Start creating a script called auth.py

Expected usage:

• run the script
• the script asks for username and password
• if the user is known and password is correct: print the password database
• if the user is not known, ask to add it to the password database
• if a user has been added, store the updated database to disk

Basic API:

• a function get_credentials that asks for username and password
• a function authenticate that checks if user is in the password database and that the password is correct
• a function add_user to add a new user with its password to the database
• a function read_pwdb to read the password database from disk
• a function write_pwdb to write the password database to disk

Suggestions:

• the database can be a simple dictionary {username: password}
• the database can be serialized to disk with pickle
• to experiment you can store the database on a temporary directory
• remember to write the database to disk every time you add a new user

Later, think about the following problems:

• should we return different errors if username is not known or password is wrong? ⟶ do not leak valid usernames
• password hashing ⟶ do not store passwords in clear text (database could be stolen, admins are nosy), do not store passwords at all but only its hash (database could be stolen)
• password salting ⟶ different users with same passwords should not have same hash ⟶ cracking one does not crack all: mitigates dictionary attacks, see below)

Addition to the basic API:

• a function pwhash that given a password and a salt returns a hash
• a function get_salt that returns a unique salt

Try to crack it! (Advanced)

• can you guess the hash collision risk for the proposed solution?
• try first a brute force attack: is it feasible?
• try a dictionary attack (you can use this list of probable passwords): is it feasible?
• think about lookup tables and rainbow tables attacks
• what are the trade-offs of the different attacks?

Notes

To make it for real:

• insecure temporary file (symlink race attack) ⟶ tempfile and its context managers
• better way of generating passwords or random tokens: the secrets module
• cracking a password database is a form of art, see for example the John the Ripper password cracker