Different Architectures

Idea:

To look at a centrelized program to cracking password - the brute force way.
Discuss several distributed architectures to distribute and thereby increase the performance of this program.

Some background:

In this assignment you are looking at a program to crack passwords! Using more cores or computers should make the program run faster i.e. using architectures.

The goal is to get a large speed-up: That is to see how much faster you can make the program run, compared to the centralized (non-distributed) version of the program.

The general idea is that you have a password file with (username, encrypted password(hash-encoded)). The hash algorithm has no known decryption algorithm.

You also have a large dictionary (list of words) that users might have used as passwords. You must encrypt all the words in the dictionary and compare the encrypted word to the encrypted passwords from the password file. If you have a match, you have found a password, now in clear text.

Some users might not use an exact word from the dictionary, but may have made some kind of change to the words (transformations), like

• Starting with a capital letter
• All capital letters
• Any arbitrary number of capital letter of the beginning of the word
• Adding 1 or 2 digits to the beginning of the word
• Adding 1 or 2 digits to the end of the word
• any combination of the above.

Here are given some examples of the changes from above:

• secret
• Secret
• SECRET
• SECret
• 5secret
• secret3
• Secret123

As can be seen from this list http://splashdata.com/press/PR121023.htm many users chose passwords which are more or less takes from a dictionary.

The centralized program

To get you started you must download a centralized version of the password cracker

Run it - and see how much time it uses running on your computer(s).

The structure of the centralized program

The Visual Studio project includes a dictionary and a password-file. You are allowed to try other dictionaries.

The password file looks like:

anders:5en6G6MezRroT3XKqkdPOmY/BfQ=
peter:qmz4syDsnnyBP+NQeqczRv/kJP4=

The encrypted passwords are encoded using BASE64 (SHA1) encoding to make them into text strings storeable in a text file.

The program:

• make some initialisations (open password file, open dictionary file, create some resulting list etc)
• read a line from the dictionary
• make transformations (i.e. capitalize, starting with a digit ...)
• make hash encryption of the transformated words
• check with the encrypted password from the password file - if match a password have been found
• at the end print out founded password

Discuss Different architectures

In this assignment the general idea must be implemented using a number of distributed architectures.

Two overall principles are shown here

• Master/slave (data parallelism)
  • The master holds the dictionary. Each slave gets a part of the dictionary and do the cracking.

• Pipeline (task parallelism)
1. First task in pipeline reads from the dictionary file and sends the words on to the next process.
2. Next task make a list of all changes of the dictionary word (the different transformations)
3. Next task encrypts the all words.
4. Next task compares the encrypted word to the encrypted passwords from the password file.
5. Last task writes the cracked user's username + password to the screen (or to a file)

Four Overall Technologies

• Threads
• Creating threads or task to do the job - this runs on one computer
• Sockets
  • Can run over different computers (clients and servers) - You can use TCP sockets or UDP sockets
• SOAP
  • The provider runs on a webserver and the consumer runs on a computer, you can have multiple providers and consumers.
• REST
  • The RestFull services runs on a webserver and the client runs on a computer, you can have multiple services and clients.
    (use your knowledge from 2^nd semester)

For SOAP and REST you can discuss the exchange format xml and json.

Assignment: Discuss different combinations of the overall principles and technologies

For the diffrent combinations (e.g. master/slave with client/server of tcp sockets), discuss the following issues
- perhaps you can not discuss all combinations there are approx. 18 variations:

1. How will the overall program(s) looks like?
2. How can you set up an experiments of this solution
3. How much faster do you think this solution will be over the centralized solution?
4. What will be the bottleneck of this solution?
5. What are the benfits?

Try to describe at least 4 different architectures