CY 2550 - Foundations of Cybersecurity

Project 3: Password Generator

This project is due at 11:59pm on Friday, February 19, 2021.

Description and Deliverables

One big reason people choose weak, easily cracked passwords is that they have been taught that only confusing passwords are secure. People either reject this advice and leave themselves vulnerable, or adopt password creation heuristics that are not resilient to cracking in practice (e.g., English word plus one capital letter, one random number, and one random symbol).

In this project, you will gain hands-on experience creating secure, memorable passwords that are resistant to cracking. To accomplish this, you will write a program that generates secure, memorable passwords using the XKCD method.

To receive full credit for this project, you will turn in the following:

  1. A program that you will write called project3/xkcdpwgen that can generate secure, memorable passwords using the XKCD method. This deliverable is described in greater detail below.

Program Specification

Your program may be written in any language that is available on the Khoury College Linux machines (this includes C, C++, Python 2 and 3, Java, Racket, Ruby, Perl, Go, Rust, and possibly others). Regardless of which language you choose, your program must exactly obey the following command line syntax:
$ ./xkcdpwgen -h
usage: xkcdpwgen [-h] [-w WORDS] [-c CAPS] [-n NUMBERS] [-s SYMBOLS]
                
Generate a secure, memorable password using the XKCD method
                
optional arguments:
    -h, --help            show this help message and exit
    -w WORDS, --words WORDS
                          include WORDS words in the password (default=4)
    -c CAPS, --caps CAPS  capitalize the first letter of CAPS random words
                          (default=0)
    -n NUMBERS, --numbers NUMBERS
                          insert NUMBERS random numbers in the password
                          (default=0)
    -s SYMBOLS, --symbols SYMBOLS
                          insert SYMBOLS random symbols in the password
                          (default=0)
Note that your program does not need to print this exact help text. However:

Usage of xkcdpwgen

By default, if you run xkcdpwgen with no arguments, it should produce a password composed of four random English words, all characters in lowercase, without numbers or symbols, like this:

$ ./xkcdpwgen
guacamoleexamgallopedcrediting
$ ./xkcdpwgen
flockdolliescitizenrysource
$ ./xkcdpwgen
autumnsbooboomultipliesbandwagons
You are free to use any English wordlist that you wish as part of this project. Some reasonable wordlists are available here, here, and here. Make sure to turn in a copy of your wordlist with your project! You may assume that your program will be invoked from the same directory that contains your wordlist, and you will need to hard-code the filename of your wordlist in your program.

The "-w" and "--words" arguments allow the user to override the number of words in the generated password. For example:

$ ./xkcdpwgen -w 2
studiesexaminer
$ ./xkcdpwgen -w 2
luridlypiers
The "-c" and "--caps" arguments capitalize the first letters of random words from the password. For example:
$ ./xkcdpwgen -c 2
GrenadehostelriesBirdcagedirectives
$ ./xkcdpwgen -c 2
warehousedfootbathJiffyGazebo
The "-n" and "--numbers" arguments add random numerical characters into the password, either at the beginning, end, or in-between words. The "-s" and "--symbols" arguments do the same thing but for symbol characters (~!@#$%^&*.:;). For example:
$ ./xkcdpwgen -n 2 -s 2
@$3genteelpredatorcrickets9frustrates
$ ./xkcdpwgen -n 2 -s 4
^saltiness77checkersvulgarly$saturn^;
$ ./xkcdpwgen -n 2 -s 4
~pushes%barre^5pricksgosh$9
$ ./xkcdpwgen -n 2 -s 4
putrefying$~7polycyclic.enneads1unamended!

You may add additional functionality to your program if you wish, but these arguments must be available and behave exactly as specified in this project description. You may handle errors however you see fit. For example, the following invocation has an error (it asks for more capitalized words than the four words the password contains); you may choose to display an error message, or generate a "best-effort" password.

$ ./xkcdpwgen -c 10

Packaging Your Submission

Because you are allowed to program in whatever language you wish, we require that all students submit a Makefile. If you choose to use a compiled language, you must turn in your source code, and the Makefile must compile your program. For example, if you write your program in C/C++, the final product of the Makefile should be a program called xkcdpwgen.

If you choose to program in a compiled language that does not produce executable binaries (e.g., the Java compiler produces .class files), then you must include a shell script with your submission named xkcdpwgen that can (1) invoke your program and (2) forward any given command line arguments to your program. You must also include a Makefile that transforms your source code into compiled files (e.g. .java files into .class files).

If you choose to use a language that does not need compilation (e.g., Python, Perl), you may leave your Makefile blank. We encourage students that choose to program in scripting languages to adopt shebang syntax and submit an executable script named xkcdpwgen.

Submitting Your Project

The exact files that you submit for this assignment will vary depending on the programming language you choose. At a minimum, you will probably submit:

To submit your project, do the following:
  1. Create a directory ~/cy2550/project3 in the folder corresponding to your git repository.
  2. Copy your Makefile, wordlist, and other pieces of source code and scripts to the ~/cy2550/project3 folder.
  3. Add these files to your repository, commit them, and push the committed files to GitHub.
  4. Submit your repository to Gradescope.

Grading

This project is worth 10% of your final grade, broken down as follows (out of 100): Points can be lost for turning in files in incorrect formats (e.g., not ASCII), failing to follow specified formatting or naming conventions, failing to compile, failing to follow specified command line syntax, insufficient or incorrect randomization, etc.

Tips