Before you turn this problem in, make sure everything runs as expected. First, **restart the kernel** (in the menubar, select Kernel$\rightarrow$Restart) and then **run all cells** (in the menubar, select Cell$\rightarrow$Run All).

---

# Lab 6: Cracking Passwords
This assignment will give you a taste of what professional (and amateur) password crackers do.

Since there's no way to derive the original password from a hash, the only practical way to crack a password is to try a bunch of candidate passwords, hash them individually, and compare the hashes. If a match is found, it's likely you've found the original password. However, brute-force probably isn't the best way to find passwords. Instead, professionals use a list of known, common passwords. One such list is called **rockyou.txt** containing 14 million passwords from breached websites. A Google search will bring up a link where you can download the file.

I've provided the first 300 passwords from the rockyou.txt file in an array called `rockyou`. Each password is stored as a byte string.

Run the cell below to set up the `rockyou` array.

In [None]:
from hashlib import md5
from csci26 import *

# The first 300 entries from the rockyou.txt file.
# This is a list of byte strings. You will be using this list
# in the problems below.
rockyou = [ bytes(i, 'utf-8') for i in
    """123456 12345 123456789 password iloveyou princess 1234567
    rockyou 12345678 abc123 nicole daniel babygirl monkey lovely jessica
    654321 michael ashley qwerty 111111 iloveu 000000 michelle tigger
    sunshine chocolate password1 soccer anthony friends butterfly purple
    angel jordan liverpool justin loveme 123123 football secret andrea
    carlos jennifer joshua bubbles 1234567890 superman hannah amanda
    loveyou pretty basketball andrew angels tweety flower playboy hello
    elizabeth hottie tinkerbell charlie samantha barbie chelsea lovers
    teamo jasmine brandon 666666 shadow melissa eminem matthew robert
    danielle forever family jonathan 987654321 computer whatever dragon
    vanessa cookie naruto summer sweety spongebob joseph junior softball
    taylor yellow daniela lauren mickey princesa alexandra alexis jesus
    estrella miguel william thomas beautiful mylove angela poohbear
    patrick iloveme sakura adrian alexander destiny christian 121212
    sayang america dancer monica richard 112233 princess1 555555 diamond
    carolina steven rangers louise orange 789456 999999 shorty 11111
    nathan snoopy gabriel hunter cherry killer sandra alejandro buster
    george brittany alejandra patricia rachel tequiero 7777777 cheese
    159753 arsenal dolphin antonio heather david ginger stephanie peanut
    blink182 sweetie 222222 beauty 987654 victoria honey 00000 fernando
    pokemon maggie corazon chicken pepper cristina rainbow kisses manuel
    myspace rebelde angel1 ricardo babygurl heaven 55555 baseball martin
    greenday november alyssa madison mother 123321 123abc mahalkita batman
    september december morgan mariposa maria gabriela iloveyou2 bailey
    jeremy pamela kimberly gemini shannon pictures sophie jessie
    hellokitty claudia babygirl1 angelica austin mahalko victor horses
    tiffany mariana eduardo andres courtney kissme harley ronaldo
    iloveyou1 precious october inuyasha peaches veronica chris 888888
    adriana cutie james banana prince friend jesus1 crystal celtic zxcvbnm
    edward oliver diana samsung freedom angelo kenneth master scooby
    carmen 456789 sebastian rebecca jackie spiderman christopher karina
    johnny hotmail 0123456789 school barcelona august orlando samuel
    cameron slipknot cutiepie monkey1 50cent bonita kevin maganda babyboy
    casper brenda adidas kitten karen mustang isabel natalie cuteako
    javier 789456123 123654 sarah bowwow portugal laura 777777 marvin""".split() ]

In [None]:
# If you wish, you can inspect the contents of the rockyou array

rockyou

## Problem 1
I've chosen three words from the rockyou array and hashed them into the variables `hash1`, `hash2`, and `hash3`. Can you figure out what the original words are?

To do this problem, write a function called `crackOne`. It takes a hash as a string (*target*) and returns the matching word. The function should loop through the *rockyou* array, hashing each word in turn. If the hash matches the target, return the plaintext word. For example, `crackOne(hash0)` should return `b'computer'`.

Once you've cracked the three hashes, assign the solutions to the `word1`, `word2`, and `word3` variables, respectively.

In [None]:
# Hashes of a few of the passwords.
# Can you figure out which ones they are?
hash0 = 'df53ca268240ca76670c8566ee54568a'
hash1 = 'fe546279a62683de8ca334b673420696'
hash2 = '5ebe2294ecd0e0f08eab7690d2a6ee69'
hash3 = 'c8837b23ff8aaa8a2dde915473ce0991'

In [None]:
# Write your crackOne function here

In [None]:
# Run this cell to check your solutions.
# Some of the answers here have been obfuscated.
from functools import reduce
import operator
assert crackOne(hash0) == b'computer'
assert crackOne('b0fc08a18d29407428cbac5d2e5cc682') == b'scooby'
assert crackOne('36cdf8b887a5cffc78dcd5c08991b993') == b'dolphin'
assert reduce(operator.mul, word1) % 0xffffe == 411404
assert reduce(operator.mul, word2) % 0xffffe == 171234
assert reduce(operator.mul, word3) % 0xffffe == 284214

## Problem 2
The arrays `rand_hashes1` and `rand_hashes2` each contain 10 hashes sampled randomly from the *rockyou* list.

The `hashes3` list contains four hashes of words taken from the *rockyou* list.

In [None]:
# Every time you run this cell, 10 words will be randomly selected
# from the rockyou list, each one will be hashed, and placed into
# these lists.
# There are two sets of random hashes here.
# There is no need to modify these.
from random import sample
rand_hashes1 = [ md5(p).hexdigest() for p in sample(rockyou, 10) ]
rand_hashes2 = [ md5(p).hexdigest() for p in sample(rockyou, 10) ]

# Here are some more hashes to crack
hashes3 = ['ec0e2603172c73a8b644bb9456c1ff6e',
           '8621ffdbc5698829397d97767ac13db3',
           'dea56e47f1c62c30b83b70eb281a6c39',
           '02c75fb22c75b23dc963c7eb91a062cc']

# If you wish, you can inspect the contents of these lists. Just
# remove the comment symbol from one of them.
#rand_hashes1
#rand_hashes2

Write a function called `crackList` that takes a list of hashes and returns a list of cracked passwords. Each of the cracked passwords should be a byte string.

*Hint:* you already have a function that will crack a single hash. Map it onto a list of hashes.

In [None]:
# Write your crackList function here
def crackList(hashes):
    return None


In [None]:
# Try your function
crackList(hashes3)

In [None]:
crackList(rand_hashes1)

In [None]:
crackList(rand_hashes2)

In [None]:
# Run this cell to check your function
hashList = ['d7af994f1f1ef8b5e3beb9f7fb139f57',
          '4d33fd1da665809bea02d5b573739a5f',
          '6da89cd09ab7937478a1d47d20938536']
assert crackList(hashList) == [b'forever', b'mariposa', b'kitten']

## Problem 3
The variables `hash4` and `hash5` contain two mystery hashes. I'll give you a hint: they are constructed by taking a word from the `rockyou` list and appending a single digit. For example, `morgan3` or `shadow7`. This is a common thing people to do choose "good" passwords. But they are easy to crack because it's such a predictable pattern.

Write a function to solve this problem for you. Paste your solutions into the `word4` and `word5` variables, respectively. You can name the function whatever you want; the function itself won't be checked.

In [None]:
hash4 = '610c23407eb63d963c73cdda8703b506'
hash5 = '82f1742b8fef8c2379698be495c29c3d'

In [None]:
# You may need this to help solve the problem
digits = [b'0', b'1', b'2', b'3', b'4', b'5', b'6', b'7', b'8', b'9']

# Write your function definition here


In [None]:
# Paste your solution here
word4 = None
word5 = None


In [None]:
# Run this cell to check your answers
from functools import reduce
import operator
assert reduce(operator.mul, word4) % 0xffffe == 779296
assert reduce(operator.mul, word5) % 0xffffe == 974694