Teaching Cyber Security (Part 11)

in linux •  7 years ago  (edited)

This is the 11th post of a series for teaching cyber-security in a coding-club. Read [part 10].

Pipes and security

Pipes and dictionaries

How would you guess a password? A lot of people use common words, but this is not a good idea.

Let's see why. First, let's install an american dictionary in this computer.

sudo apt install wamerican

wamerican is a package of american words. There is also wbritish or wfrench for words in other dialects, or languages. But for now, let's stick to american words.

Use the cat to see the words!

The words are stored as a file inside the following directory:

/usr/share/dict/

Note the slash / at the very beginning. This means it's at the root (or the deepest directory in the computer).

If you type ls / you will see the system directories. Don't move, delete or write there! If you delete some of those folders the whole computer could stop working.

One of those important folders has the programs you have installed. It's the /usr/share/ directory. Let's move there. Do you remember how?

cd /usr/share/dict/

Ok. What do you see? Let's give you a challenge to see if you can pipe like the pied piper.

Challenge Question Dictionary challenge

Can you find out how many words are in the American English dictionary?
Another way to phrase it is: Can you use a pipe | to count the words inside the file american-english?

Remember that you may need to move to /usr/share/dict/ to find the file. Also remember that cat prints out the content of the file, one line per word. Feel free to go back to [part 10] to review the syntax of the pipe operator.

Did you manage?

Passwords and dictionaries

Ok, so:

cat american-english | wc -l

takes the output from cat and gives it to the counter wc. And the answer was 99,171.

It took you less than a second to print 99,171 words. How long do you think it takes a computer to try 99,171 passwords? Not very long at all!

Let's try some other clever uses of the pipe. Try to do this again:

cat american-english

Did you see if the word pepper was in there? I didn't. It just goes too fast, doesn't it? We are going to use the command grep. If you give a list to the command grep you can ask to find a word in that list.

Let's try it:

cat american-english | grep pepper

which means:

print all the words inside the file american-english and then look for the word pepper inside the output. Every time you find the word pepper, print the line where you found it.

Anything interesting? Could you count how many words have the word pepper inside them in the american dictionary? Can you count how many american words have the word row inside them?

Finding word statistics is a big part of what password crackers do!
Let's learn a few more useful commands in [Part 12]

linux bash security teaching coding-club
7 years ago by

Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

  • Disagreement on rewards
  • Fraud or plagiarism
  • Hate speech or trolling
  • Miscategorized content or spam

Submit
$0.00
    1 vote
    0
    Authors get paid when people like you upvote their post.
    If you enjoyed what you read here, create your account today and start earning FREE STEEM!