CS 255 Introduction to Cryptography - Stanford University. Programming Assignment 1. Winter 2023.

Document Content and Description Below

CS 255 Introduction to Cryptography - Stanford University. Programming Assignment 1. Winter 2023.1 Introduction In many software systems today, the primary weakness often lies in the user’s passwor... d. This is especially apparent in light of recent security breaches that have highlighted some of the weak passwords people commonly use (e.g., 123456 or password). It is very important, then, that users choose strong passwords (or “passphrases”) to secure their accounts, but strong passwords can be long and unwieldy. Even more problematic, the user generally has many different services that use password authentication, and as a result, the user has to recall many different passwords. One way for users to address this problem is to use a password manager, such as BitWarden and 1Password. Password managers make it very convenient for users to use a unique, strong password for each service that requires password authentication. However, given the sensitivity of the data contained in the password manager, one must take considerable care to store the information securely. In this assignment, you will be writing a secure and efficient password manager. In your implementation, you will make use of various cryptographic primitives we have discussed in class—notably, authenticated encryption and collision-resistant hash functions. Because it is ill-advised to implement your own primitives in cryptography, you should use an established library: in this case, the SubtleCrypto. We will provide starter code that contains a basic template, which you will be able to fill in to satisfy the functionality and security properties described below. Caveat: Please do not consider this project as a substitution for a safe password manager. There are more security considerations that we do not consider in this project to make this password manager truly secure. 2 Secure Password Manager 2.1 Implementation details In general, a password manager (also called a keychain) application will store its password database on disk, protected by a strong master password; in addition, while it is in use, it may store an “unlocked” representation of the database in memory, from which it can provide the password for each desired domain. Instead of implementing a full standalone password manager application, for this project you will only be responsible for the core library. Thus, you will not need to implement the interactive front-end for interacting with the password manager, nor will you need to actually write the contents to disk. Instead, you will simulate these functionalities by providing features to serialize and deserialize your data structures to string representations, so that it would be easy to complete a full password manager application by writing these representations to disk. [Show More]

Last updated: 11 months ago

Preview 1 out of 11 pages