In [None]:
# START
#   Set CHECK_INTERVAL_SECONDS = 2
#   Set THRESHOLD = 50  (warn if connections go above this number)

#   Loop forever:
#     Get CURRENT_ACTIVE_CONNECTIONS (can be real or simulated)
#     Print "Active connections:", CURRENT_ACTIVE_CONNECTIONS

#     If CURRENT_ACTIVE_CONNECTIONS is greater than THRESHOLD:
#       Print "ALERT: high number of connections — possible infection"

#     Wait for CHECK_INTERVAL_SECONDS seconds
# END


import time
import random

# START
check_int_sec = 2     # CHECK_INTERVAL_SECONDS
threshhold = 50       # THRESHOLD (kept your spelling)
active_connections = 0


def get_active_connections():
    return random.randint(0, 100)

try:
    while True:
        
        active_connections = get_active_connections()
        print("Active connections:", active_connections)
        if active_connections > threshhold:
            print("ALERT: high number of connections — possible infection")
        time.sleep(check_int_sec)

except KeyboardInterrupt:
    print("\nStopped by user.")
    

# Section 1: Password Strength Analysis
# Discussion Points:
# Compare passwords like "Pass123" vs. "MyP@ssw0rd":
# The latter is stronger due to length, character variety, and higher entropy.
# Limitations of the checker:
# Doesn’t detect dictionary-based passwords (e.g., "CorrectHorseBatteryStaple").
# Doesn’t catch keyboard patterns (e.g., "asdfghjkl").

Active connections: 7
Active connections: 87
ALERT: high number of connections — possible infection
Active connections: 26
Active connections: 26
Active connections: 70
ALERT: high number of connections — possible infection
Active connections: 67
ALERT: high number of connections — possible infection

Stopped by user.


In [None]:
# Define function hash_md5(password):
#     Convert password to bytes
#     Return MD5 hash of the bytes as a hex string

#   Define function hash_sha256(password):
#     Convert password to bytes
#     Return SHA256 hash of the bytes as a hex string

#   Define function hash_bcrypt(password):
#     Use bcrypt to hash the password with a work factor of 12
#     (bcrypt automatically adds a random salt)
#     Return the bcrypt hash

#   # Demo:
#   Print the result of hash_md5("mypassword")
#   Print the result of hash_sha256("mypassword")
#   Print the result of hash_bcrypt("mypassword")

# END

import hashlib
import bcrypt  # make sure bcrypt is installed: pip install bcrypt

# Define function hash_md5(password):
def hash_md5(password):
    # Convert password to bytes
    data = password.encode('utf-8')
    # Return MD5 hash of the bytes as a hex string
    return hashlib.md5(data).hexdigest()

# Define function hash_sha256(password):
def hash_sha256(password):
    # Convert password to bytes
    data = password.encode('utf-8')
    # Return SHA256 hash of the bytes as a hex string
    return hashlib.sha256(data).hexdigest()

# Define function hash_bcrypt(password):
def hash_bcrypt(password):
    # Convert password to bytes
    data = password.encode('utf-8')
    # Use bcrypt to hash the password with a work factor of 12
    salt = bcrypt.gensalt(rounds=12)
    hash_value = bcrypt.hashpw(data, salt)
    # Return the bcrypt hash
    return hash_value.decode('utf-8')



#  Section 2: Password Hashing
# Discussion Points:
# MD5 and SHA-256 hashes are short and fast, making them vulnerable to brute-force attacks.
# bcrypt hashes are longer and include metadata (algorithm version, work factor, salt).
# Why fast algorithms are bad for password storage:
# They allow attackers to try billions of guesses per second, making brute-force attacks feasible.

In [None]:
#  # Without salt
#   Set hash1 = SHA256("password")
#   Set hash2 = SHA256("password")
#   # hash1 and hash2 will be the same because the input is the same

#   # With salt (adds randomness)
#   Generate saltA = random string
#   Generate saltB = random string
#   Set hashA = SHA256(saltA + "password")
#   Set hashB = SHA256(saltB + "password")
#   # hashA and hashB will be different because the salts are different

#   # With pepper (a secret value stored securely, not in the database)
#   Set pepper = secret value stored securely
#   Set hashPeppered = SHA256(saltA + "password" + pepper)
#   # Even if an attacker knows saltA and hashPeppered, they still need the pepper to crack the password
# Demonstration of unsalted, salted, and peppered SHA256 hashes
import hashlib
import secrets
import string

hash1 = sha256_hex("password")
hash2 = sha256_hex("password")
print("Unsalted hashes (same input => same hash):")
print("hash1:", hash1)
print("hash2:", hash2)
print("hash1 == hash2 ->", hash1 == hash2)
print()


length = 8
saltA = make_salt(length)
saltB = make_salt(length)
print("Salt A:", saltA)
print("Salt B:", saltB)

hashA = sha256_hex(saltA + "password")   # salt prepended
hashB = sha256_hex(saltB + "password")
print("\nSalted hashes (different salts => different hashes):")
print("hashA:", hashA)
print("hashB:", hashB)
print("hashA == hashB ->", hashA == hashB)
print()

pepper = secrets.token_hex(16)   # secret pepper value
print("Pepper (secret, should be stored securely):", pepper)

hashPeppered = sha256_hex(saltA + "password" + pepper)
print("\nPeppered hash (salt A + password + pepper):")
print("hashPeppered:", hashPeppered)

#  Section 3: Salt and Pepper
# Discussion Points:
# If an attacker steals your database:
# SHA-256 without salt: Easily cracked using rainbow tables.
# SHA-256 with unique salt: Slows down attacks; each password must be attacked individually.
# SHA-256 with salt and pepper: Even harder to crack; attacker needs the secret pepper to

NameError: name 'sha256_hex' is not defined

In [None]:
# Define function create_totp_secret():
#     Generate a random base32 secret
#     Create a provisioning URI using account name, issuer, and the secret
#     Show a QR code of the URI so the user can scan it with an Authenticator app
#     Return the secret

#   Define function get_current_code(secret):
#     Get the current Unix time and divide it by 30 (round down)
#     Use HMAC-SHA1 with the secret and the time step
#     Truncate and format the result to get a 6-digit code
#     Return the code

#   # To verify during login:
#   Ask the user to enter the code from their Authenticator app
#   Get the expected code using get_current_code(user_secret)
#   If the user's code matches the expected code:
#     Allow login
#   Else:
#     Deny login

# END


In [1]:
# Define function crack_hash(target_hash, algorithm, wordlist):
#     For each word in the wordlist:
#       If algorithm is "md5":
#          h = MD5(word)
#       Else if algorithm is "sha256":
#          h = SHA256(word)
#       Else if algorithm is "bcrypt":
#         Use bcrypt check to compare word with target_hash

#       If algorithm is not "bcrypt" and h equals target_hash:
#         Print "Found:", word
#         Return word

#       Else if algorithm is "bcrypt" and bcrypt check returns true:
#         Print "Found:", word
#         Return word

#     Print "Not found in list"
#     Return None

# END
import hashlib


def crack_hash(target_hash, algorithm, wordlist):
    algo = algorithm.lower()

    for raw in wordlist:
        word = raw.strip()
        if not word:
            continue

        if algo == "md5":
            if hashlib.md5(word.encode()).hexdigest() == target_hash:
                print("Found:", word)
                return word

        if algo == "sha256":
            if hashlib.sha256(word.encode()).hexdigest() == target_hash:
                print("Found:", word)
                return word

        if algo == "bcrypt":
            if not _HAS_BCRYPT:
                raise RuntimeError("bcrypt not available; install with: pip install bcrypt")
            th = target_hash.encode() if isinstance(target_hash, str) else target_hash
            if bcrypt.checkpw(word.encode(), th):
                print("Found:", word)
                return word

    print("Not found in list")
    return None


In [None]:
# # Create a simple in-memory "database"
#   Set users = empty dictionary
#   (Each username will map to a record with password hash, salt, and TOTP secret)

#   Define function register_user(username, password):
#     If score_password(password) is weak:
#       Print "Choose stronger password"
#       Return false

#     Generate a random salt
#     Create password_hash = bcrypt hash of (password + salt)
#     Create totp_secret = call create_totp_secret() to set up 2FA
#     Store in users[username] = { "hash": password_hash, "salt": salt, "totp": totp_secret }

#     Print "Registered. Scan the QR code for 2FA."
#     Return true

#   Define function authenticate(username, password, totp_code):
#     If username is not in users:
#       Return false

#     Get record = users[username]

#     # Check password
#     If bcrypt check of (password + record.salt) against record.hash fails:
#       Return false

#     # Check TOTP code
#     Get expected = get_current_code(record.totp)
#     If totp_code is not equal to expected:
#       Return false

#     Return true  # login successful

#   # Example flow:
#   Call register_user("alice", "MyStr0ng#Pass")
#   # User scans QR code and saves the secret in their Authenticator app
#   # On login, user enters password and 6-digit code from app
#   Set success = authenticate("alice", "MyStr0ng#Pass", "123456")
#   If success:
#     Print "Welcome"
#   Else:
#     Print "Login failed"

# END
