1. (50 points) In this exercise you will update your web site to include a password update form and provide additional validation on the password check. Specifically you should create:
a. Password update Form – This Python form allows a previously registered user to reset their password after they have successfully logged in.
b. Authentication functions – These Python functions will check that the following NIST SP 800-63B criteria are met upon password update:
– Use the previous criteria for password length and complexity. (This work should already be done.)
– Compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised (Provided as CommonPasswords.txt).
– If the chosen secret is found in the list, the application SHALL advise the subscriber that they need to select a different secret.
c. Logger – Create a log that records all failed login attempts. The log should include the date, time and IP address.

2. (30 points) Using the Decrypting Secret Messages sites found in this week’s readings, decrypt the following messages.
a. - .... .. ... / ... -.. . ...- / ...-- ----- ----- / -.-. .-.. .- ... ... / .... .- ... / ... --- -- . / ... - .-. .- -. --. . / .-. . --.- ..- . ... - ... .-.-.-

b. U28gdGhpcyBpcyBiYXNlNjQuIE5vdyBJIGtub3cu
c.
— Psuwb Ysm —-
W oa gc qzsjsf. Bc cbs qcizr dcggwpzm twuifs hvwg cih.
— Sbr Ysm —

3. (20 points) Document the results of running the application from your programming environment. You should also include and discuss your pylint results for the application. Provide your test results for each requirement in the Web application and its associated functions, and provide your resulting log files.
Discuss the log file and how it could be used to detect possible patterns of abuse. Describe the results of your NIST password complexity functions and how you tested each requirement. Include the Cipher tool results and write-up in this document as well.
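The blocklist comparison from item 1b and the failed-login log from item 1c, together with the kind of per-address count item 3 asks you to discuss, shown as an added example that is not part of the assignment or a provided solution. The function names, the log line layout, the case-insensitive comparison and the threshold of 3 are assumptions; the length and complexity checks are left out because the page does not state them.

```python
"""Added example: blocklist check and failed-login log (names are hypothetical)."""
import ipaddress
from collections import Counter
from datetime import datetime


def load_blocklist(path):
    """Read one password per line; store lowercased for case-insensitive match."""
    with open(path, encoding="utf-8", errors="ignore") as handle:
        return {line.strip().lower() for line in handle if line.strip()}


def check_against_blocklist(candidate, blocklist):
    """Return (accepted, message) for a prospective secret."""
    if candidate.lower() in blocklist:
        return False, "That password is too common. Please select a different one."
    return True, "Password accepted."


def log_failed_login(log_path, ip, when=None):
    """Append 'date time FAILED_LOGIN ip' to the log and return the line."""
    # Parsing the address rejects anything that is not an IP, so a forged
    # header value cannot smuggle newlines or fake entries into the log.
    address = ipaddress.ip_address(ip)
    stamp = (when or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    line = f"{stamp} FAILED_LOGIN {address}"
    with open(log_path, "a", encoding="utf-8") as handle:
        handle.write(line + "\n")
    return line


def failures_by_ip(log_path, threshold=3):
    """Return {ip: count} for addresses with at least `threshold` failures."""
    counts = Counter()
    with open(log_path, encoding="utf-8") as handle:
        for entry in handle:
            parts = entry.split()
            if len(parts) == 4 and parts[2] == "FAILED_LOGIN":
                counts[parts[3]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

In a web application the `ip` argument would come from the request object, and the message returned by `check_against_blocklist` is what the update form shows to the user.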

 
