Passwords

By:

Will Griffith

Grade level:

7th

Subject:

Math

Estimated length: One Class Period

Content
Standard(s) #
7.DSP.3

Content Standard(s) Wording

Investigate chance processes and develop, use, and evaluate probability modes.

ISTE Student
Standard(s) #
4.c

ISTE Student Standard(s) Wording

Collect and analyze data to identify solutions and/or make informed decisions
I think 5.a and/or 6.a are also very relevant to this lesson

Objectives
Use verbs that are observable and measurable. Write as many as are appropriate (doesnt have to be 3)
1

The student will work together as a class to calculate how long four passwords will take to crack

The student will create three password with a partner and calculate the maximum length of time it would
take to crack

The student will come up with a personal password they will keep for themselves

Pre-requisite
knowledge

Basic multiplication
Understanding of exponents and how to use them in a calculator
Knowledge of the English alphabet capital and lower case letters.
Tools & Supplies Needed

Internet URLS
https://www.grc.com/haystack.htm
Software Programs

N/A

Printed Materials

N/A

Other:

Calculator
Pencil
Paper

Academic
Language
Password

Definition
A digital key for a digital lock.
Should be private information
known only to you.
How easy could your password
be hacked or not?

Password
Strength

How will you assist students in the

acquisition of this academic language
(especially focused on ELL and other diverse
students)?

I will try and use the math to demonstrate this

term.

Procedures:
Provide all information necessary for another teacher to replicate your lesson/unit.
Main Tasks/Activities

Instructor notes (detailed directions)

Include questions prompts you will ask the students

When you left your house this morning did you or your parents leave the door
wide open? Did you close the door? Did you lock the door? If you just closed
the door is it likely that someone will go into your house while you are gone?
Probably not but to be safe often we lock our doors. In the same way you want to
keep your digital homes safe so you should keep your accounts locked with
do to get students attention
passwords. How many passwords do you have? 1? 2? 3? More? Is your
and activate their prior
knowledge before teaching the password very complicated? We are going to do some of the math behind
passwords and talk about ways to make yours more secure.
main content of the lesson?)

Part 1: Readiness
(aka motivator,
attention set,
engager) (what will you

We are going to talk

about passwords and
how to make yours more
secure.

Part 2: Main Focus

of Lesson
As a class we look at
how passwords
combinations change
depending on what
characters are used.
Engage in direct
instruction for
calculating the time it
would take to guess the
password of certain
lengths. Be sure to

As our first example we are going to look at our phone lock screens. The basic
password on an apple phone is four characters long. Only numbers can be use so
each slot has 10 (0-9) options. (Writes this on the board _ _ _ _ ) each can be
filled with one of 10 numbers. For the first slot how many options do we have?
(Wait for someone to say 10 then fill in the first slot. 10 _ _ _ ) For the second
slot how many options are available? (Wait for someone to say 10 then fill in the
second slot 10 10 _ _ ) As you can see for now these are the same number and it
does not matter what the first one is for what the second one can be. As we get
more into probability order will matter and the numbers may change. For today
though this will be the same so the next two slots are also 10. (writes 10 10 10
10) So for the first slot we have 10 options, then 10 more options, then 10 more

include the following

information:

and finally 10 more. So the total number of options we can have is 10*10*10*10
or 10^4 which equals 10,000. Now some phones allow you to have 6 choices
still numbers. So instead of 10^4 we have 10^6 which equals 1,000,000. As you
can see this is a lot more choices.
Luckily for your phone people have to manually enter these codes but on your
computer someone could try and break into one of your accounts by attempting
your password through the internet. The bigger problem here is that using
computers they can guess much faster. For example, lets say they make 1000
guesses per second. To guess your phones four digit code it would take 10
seconds. If you use the six digit code it would take 1000 seconds or 16 minutes.
If you have a debit card it may also have a four digit pin but both ATMs and your
cell phone have settings to prevent multiple attempts. After a few attempts you
get locked out. Online sometimes your passwords do not have this safe guard.
So how could we make this password stronger? Why not add letters? The
English language has 26 letters. So if we had a four digit code but instead had
letters and numbers how many options would each slot have? 10 for the numbers
and 26 for the letters. This is assuming we have just lower case letters. What if
instead we used lower case and upper case letters. Then we have 10 numbers 26
lower case and 26 upper case. Together that is 62 choices for each slot. So now
we have 62^4 which equals 14,776,336 which would take 14,776 seconds or 246
mins or 4.1 hours. What if we had 6 options? 62^6 = 56,800,000,000 which
would take 56,800,235 seconds or 946,670 mins or 15,778 hours or 657 days or
1.8 years. These numbers will change depending on the program trying to hack
your password.
Now lets add symbols. This is a little more complicated. For today we are going to
use 33 since there are 33 ASCII (American Standard Code for Information Interchange)
printable symbols. This is anything from the @ to a : or a . or even just a space. You
have to be careful about symbols though because not ever password system will accept
all of them. I know specifically spaces are not always allowed. But if we use all 33
symbols along with numbers and letters we will get a total of 95 choices. For a four digit
code we will have 95^4 options equal to 81,450,625. If someone was trying to hack this
it could take 81,450 seconds, 1.358 mins or 22 hours. If we used 6 digits we would have
95^6 options equal to 73,509,189,060. It could take 735,091,890 seconds, 12,251,532
mins, 204,192 hours, 8,508 days, or 23.3 years.

What seems to cause the numbers to increase more. Adding letters and symbols?
Or how long the password is? The longer the password the harder it will be to
guess. Adding symbols and letters is good but in some ways these can also be
limiting. Because for instance if you have a four digit code but you require one
capital and one symbol how will that change your options? Instead of 95 95 95
95 = 81,450,625 you will have 26 33 95 95 = 7,743,450. As you can see this is a
significant drop. Often these requirements are coupled with your password being
longer so it still is more secure but the requirements themselves are actually
lowering your passwords strength.
Another problem to be aware of is using a common password. Such as password,
12345, 111111, Password1. These basic options are used by a lot of people and
so are often tried first. It would be best if we all used passwords that were

We will work together to

make a class password.

Students team up with

another classmate to
create three shared
passwords
They will calculate how
long it will take for each
one to be cracked and see
the time differences.

Part 3: Closure (what

will you do to bring the lesson
to a close and summarize the
important points of the
lesson?)

Students create personal

password

random but those can be hard to remember. Lets work together as a class and
find a longer password. We are going to use the website
https://www.grc.com/haystack.htm which will let us type our password out and
see how each part changes something. (We would then work together as a group
to make a password and use information on this site, pictured in the extra
materials section, to come up with a good password.

Now I want you each to pair up and make a password together. This shouldnt be
used for anything but just as practice. I want you to make three passwords. The
first password should be 6 characters long and only use letters. The second
should be 8 characters long and have at least one number. The third should be at
least 8 characters long and include at least one capital and symbol since this is a
common requirement. Then I want you to calculate how long it would take to
crack each password if you could preform 1000 attempts ever second. You will
then turn in this paper with both your names on it as your assignment.

I would now show the picture I have in the supplemental materials.

So now that you have seen how passwords can vary, I want you to make a
personal one. You will not be turning this in but this is a way to help you have a
more secure password. One piece of advice I will give you is to have a unique
password for every account. This is not fun and if you do this there is software,
such as 1Password for iOS, that can help you store all of your passwords. The
problem is some groups do not want to hack your individual account they want to
hack a whole company. Your password can be as strong as you want but if they
break in the back door and steal your information it does not matter. If that
happens having different passwords means your other accounts will remain
secure even though one was compromised. It can be hard to remember your
passwords so there are some ways to go about it. Like our example in the picture
you can just make a really long phrase. An advantage with using a program to
keep most of your passwords is then you only need to remember one to get
access to all the rest. Even though the cartoon does make fun of changing parts
of your password into symbols and numbers this can be an easier way to make
one. Especially since most accounts now require you to have a symbol and a
number in your password.
I would then ask the students for some sedjestions of words of phrases we could
use and have them give examples of letters we could change. Such as
SchoolRocks could become $ch001Rock$ or something. Then I would give them
some time to work on their own password to keep and not turn in.

Accommodations and/or Modifications for Differentiated Learning

How will you make the lesson accessible to all your students? How will you support the ELLs in your class?
How will you support other special populations? How will you challenge those that need it?

English Language Learner

(ELL):

Student with a learning

disability:

I would talk some about how a few of these specifics only work for languages
like English. I am not sure how the code would work specifically for languages
such as Chinese, Japanese, etc. Before this lesson I might look up some basic
info for them about some of the differences but I would need to know what their
specific language is. I could also ask them if they had any experience with
passwords in other languages and if they would be comfortable telling the class
about it.
If I had a student with dyslexia or something similar I would talk to them about
strategies for making a password. For them it may be better to make it based on
feel of the keyboard rather than writing it down and copying it.

Assessment Procedures
How will you know if the students met the objectives/standards? How will you measure their progress and
level of understanding?
Formative
Assessment

I would have the students following along doing some of the calculations I listed out in
the lesson. For a lot of the time values I might ask them for the answer rather than just
giving it to them.

Summative
Assessment

Students will pair up create three passwords and calculate the approximate time it
could take to hack each. This will be turned in at the end of class so I can see if they
understood the math part of the lesson.

References:

https://www.grc.com/haystack.htm
http://securitymusings.com/article/3732/the-math-behind-passwords
https://en.wikipedia.org/wiki/ASCII (Wikipedia is not a good source but it has the
easiest to read list showing all the ASCII printable symbols that I found. The previous
source is the one that specifically talked about the ASCII and that it included 33
symbols)
http://keriblog.com/security/math-behind-long-password/
http://robertkaplinsky.com/work/how-can-we-make-stronger-passwords/

Supplemental Materials:
This is a funny comic I would show the students