Transcribed Image Text:

Exercise 1: Password hashing and salting Implement a function for the user registration process shown on Lecture 15 Week 17a Slide 18, and another one for the login process shown on Lecture 15 Week 17a Slide 19. Password hashing: user registration Password hashing: login - User provides the following information to a system for registering an account: - Username (unique ID): u - Password (in clear): p - Other profile information: PI Server receives the above and does the following: - Generate a new and random salt s for this user. - Calculate the hash value as h=H(p || s). - Store (u, s, h, PI) as a new record in the user database. - User provides the following information to a system for log into an account: - Username: u - Password (in clear): p* Server receives the above and does the following: - Use u to retrieve the user's record (u, s, h, PI) in the user database - Re-calculate the hash value as h=H(p* | s). - Compare h and h* if they are equal then let the user in; otherwise reject the user. 19 Write a program invoking the above two functions to show how you can use a password to register a username and then use the same password to log in successfully. For the login process, also use a wrong password to show how the system rejects a user who does not know the real password.