A Project Report

On

“DYNAMIC PASSWORD POLICY GENERATION SYSTEM”

Submitted to the

Department of Computer Science

In partial fulfilment of the

MSc COMPUTER SCIENCE

Under the guidance of

Ms. Simna V S

Project Done by
SHARON MARY P.E
(Reg No: 180011012833)

DEPARTMENT OF COMPUTER SCIENCE

KMM COLLEGE OF ARTS AND SCIENCE,

THRIKKAKARA, COCHIN-682021

February –2020
NO DESCRIPTION PAGE

1 Certificate of the Examiner i

2 Certificate of Organization ii

3 Certificate of Head of Department iii

4 Certificate of Internal Project Guide iv

5 Declaration by Student v

6 Acknowledgement vi

7 Executive Summary vii

8 Table of Contents ix
 KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21

BONAFIDE CERTIFICATE
Certified that the Project Work Entitled

“DYNAMIC PASSWORD POLICY GENERATION SYSTEM”

is a bonafide work done by

Sharon Mary P.E

In partial fulfilment of the requirement for the Award of

MSc COMPUTER SCIENCE

Degree From

Mahatma Gandhi University, Kottayam

2018-2020

Head of the Department Project Guide

Submitted for the Viva-Voce Examination held on……………………………………..

External Examiner 1 External Examiner 2

i
ii
 KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21

CERTIFICATE

This is to certify that the project entitled “DYNAMIC PASSWORD

POLICY GENERATION SYSTEM” has been successfully carried out by

SHARON MARY P.E (Reg No: 180011012833) in the partial fulfilment of

the Course MSc Computer Science.

INTERNAL GUIDE

Date: …………………… HEAD OF THE DEPARTMENT

iii
 KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21

CERTIFICATE

This is to certify that the project entitled “DYNAMIC PASSWORD

POLICY GENERATION SYSTEM” has been successfully carried out by

Sharon Mary P.E (Reg No: 180011012833) in partial fulfilment of the

course

MSc Computer Science under my guidance.

Date: ………………….. Name of Guide

INTERNAL GUIDE

iv
 KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21

DECLARATION

I, SHARON MARY P.E, hereby declare that the project work entitled
“DYNAMIC PASSWORD POLICY GENERATION SYSTEM” is an authentic

work completed at FLEMING EMBEDDED AND SOFTWARE SOLUTIONS

under the guidance of Shahina V H for the partial fulfilment of the course
MSc COMPUTER SCIENCE. This work has not been submitted for similar

purpose anywhere else except to KMM COLLEGE OF ARTS AND SCIENCE.

I understand that detection any such copying is liable to be punished in any

way the college deems fit.
SHARON MARY P.E
Signature
Date: ………………..
Place: ……………….

v
 ACKNOWLEDGEMENT
I consider it as a privilege to express my sincere gratitude and respect to all those who
guided and inspired me in the successful completion of this main project work.

I convey my reverential salutation to Almighty God, for enabling me to take up and

complete the main project successfully.

I would like to express my sincere thanks to Mr P.V. Sumithran, Principal, KMM

College of Arts and Science for providing the necessary infrastructure and support for the
completion of this main project work.

I would like to express my sincere thanks to Mrs. Reshmi P.R, HOD, Department of
Computer Science, KMM College of Arts and Science for her valuable advice and support
which have helped me greatly in the accomplishment of the main project.

I sincerely thank my project guide Mrs. Simna V.S, Assistant Professor, KMM College of
Arts and Science, for her consistent guidance and inspiration throughout the period for the
completion of this main project.

I would like to thank all the teaching and non-teaching staff of KMM College of Arts and
Science, for their valuable guidance and suggestions rendered during the main project.

Finally I thank my parents and all my friends for their help, encouragement and moral
support given to me during the course of this work.

SHARON MARY P.E

vi
 EXECUTIVE SUMMARY

To keep password users from creating simple and common passwords, major websites and
applications provide a password-strength measure, namely a password checker. While
critical requirements for a password checker to be stringent have prevailed in the study of
password security, regardless of the stringency, such static checkers can leak information and
actually help the adversary enhance the performance of their attacks. To address this
weakness, the Dynamic Password Policy Generator, namely DPPG, to be an effective and
usable alternative to the existing password strength checker. DPPG aims to enforce an
evenly-distributed password space and generate dynamic policies for users to create
passwords that are diverse and that contribute to the overall security of the password
database. Since DPPG is modular and can function with different underlying metrics for
policy generation, we further introduce a diversity-based password security metric that
evaluates the security of a password database in terms of password space and distribution.
The metric is useful as a countermeasure to well-crafted offline cracking algorithms and
theoretically illustrates why DPPG works well.

The data set contains data fields such as many different types of passwords and its
strength. Based on these data of password and its strength the system can predict whether
the user entered password is strong or weak. Prediction is done by training the system on
dataset. System has only one user, who has central control over the system.
Coming to the existing system. The existing system is static. The static checker set
specific condition to generate a strong password. There will be high chance of leak or theft of
the password which are created by means of static checker. The person those who know the
static password rule can easily steal the password and leak the password.
. This system provides mechanism to check the password strength using machine learning
technique. If the system predict password strength as weak, then system generate some
dynamic policy to generate a strong password. The policy changes every time. The policies
are unknown to users because each time a new policy is created for every user. System
automate the policy generation to generate strong password rather than forcing all users to
create extremely complex passwords, here the focus on the overall strength of the password.

vii
The Dynamic Password Policy Generator, namely DPPG, is an alternative to traditional
password strength checkers.

The system uses TFIDF (Term Frequency Inverse Data Frequency) for its feature
extraction. After the extraction, system splits the data into two parts where one part will
used for testing and another part will be used for training. The splitting up of data is based
on the dataset and mining technique. For performing these processes, system uses naïve
bayes classifier for classification. Using this method, system can classify the data and
using those data system can predict whether the entered password is strong or not.

The proposed system has more accuracy and it is more efficient in predicting the
strength of the password. Data set for the system is large and based on those data; the
system has more accuracy on prediction. The processing of prediction has good accuracy
rate, so the proposed system has better efficiency and accuracy.

Major objective of this project is to provide a new system which can predict the
strength of the password with the help of machine learning. The system can accurately
predict the strength of the password. So, the user can create a new strong password

Our system is developed using waterfall model. Since the dataset gathering is the first
step and more time spent in collecting all the dataset, accuracy of project is well
maintained from the beginning itself. The time limit for the completion of project is
limited and the dataset is the biggest resource that is needed for the development of
project, Waterfall model is justified to be the best in carrying out the project.
The system has developed in Python as front end. It uses Django as the framework.
Minimum OS requirement for the system is windows 7. It needs only 500 GB HDD and
minimum 4 GB RAM.

viii
 TABLE OF CONTENTS

NO CONTENTS PAGE

1 Background 1

1.1 Existing System 1

1.2 Definition of Problem 2

1.3 Proposed System 3

2 Project Overview 5

2.1 Objective of the Project 5

2.2 Stakeholders 5

2.3 Scope of the Project 5

2.4 Feasibility Analysis 6

3 High Level System Analysis 9

3.1 User Characteristics 9

3.2 Functional Requirements 9

3.3 Non Functional Requirements 10

3.4 Use Cases 10

4 System Modelling 11

4.1 Use Case Diagram 11

ix
 4.2 Activity Diagram 12

4.3 Sequence Diagram 13

4.4 Theoretical Background 14

5 System Design 16

5.1 Module Description 16

5.2 Input Design 17

5.3 Dataset 18

5.4 Output Design 19

5.5 User Interface Design 20

6 Coding 23

6.1 Standardization of coding 23

6.2 Error Handling 24

6.3 Parameter Passing 25

6.4 Validation Checks 26

7 Testing 27

7.1 Test cases 28

7.2 Sample code used for testing 30

8 System Security Measures 34

8.1 Database security measure 34

x
 8.2 Creation of user profiles and access rights 34

9 Transition 36

9.1 System Implementations 36

9.2 System Maintenance 37

10 Annexure 39

10.1 Document Glossary 39

10.2 Sample project code 39

10.3 References 63

xi
Dynamic password policy generation system

1.BACKGROUND

Text-based passwords have been used widely in both online and offline applications for
decades. Since passwords are personal and portable, they are not likely to be replaced in the
foreseeable future. However, the phenomenon that people choose simple passwords and reuse
common passwords has raised great security concerns as such passwords are vulnerable to
offline cracking attacks. To make things worse, a number of password leak incidents have
happened recently and frequently. Large datasets of leaked passwords can greatly enhance
attacker’s capability in conducting training-based password attacks, thus posing significant
threats on password security.

To keep password users from creating simple and common passwords, major websites and
applications provide a password-strength measuring mechanism, which evaluates the strength
of passwords proactively during user registration. While critical requirements for a password
strength checker to be stringent have prevailed in the study of password security, regardless
of the stringency, such static checkers can leak information and actually help the adversary in
enhance the performance of their attacks. To address this weakness, here the proposed system
is the Dynamic Password Policy Generator, namely DPPG, it is an effective and usable
alternative to the existing password strength checker. DPPG aims to enforce an evenly-
distributed password space and generate dynamic policies for users to create passwords that
are diverse and that contribute to the overall security of the password database. Since DPPG
is modular and can function with different underlying metrics for policy generation, also
there is a diversity-based password security metric that evaluates the security of a password
database in terms of password space and distribution. The metric is useful as a
countermeasure to well-crafted offline cracking algorithms.

The proposed system helps to check the strength of a password using machine learning
technique. The machine learning technique plays an important role in this world. The
Machine learning techniques help to find the password strength using naive bayes classifier.

1.1 EXISTING SYSTEM

The existing system is static. The static checker set specific condition to generate a strong
password. There will be high chance of leak or theft of the password which are created by

Department of Computer Science,KMM College of Arts and Science |1

Dynamic password policy generation system

means of static checker. The person those who know the static password rule can easily steal
the password and leak the password.

The Existing checkers do not demonstrate effective or uniform characterization of strong

passwords. The password strength checkers simply cannot demand users to create passwords
that are too complex. By defining a set of password creation policies and showing users
password strength scores, password checkers can exert a strong bias on password
characteristics, especially when the policies and scoring mechanisms remain static. The
passwords registered to a database are largely similar to the specific password patterns
enforced by the associated checker. Although password checkers vary among websites, they
inevitably rely on similar rules that focus on specific password properties (e.g., length,
number of digits and special characters). When rules are relatively relaxed, password users
may create simple passwords following a common distribution. When rules are relatively
demanding, the password distribution is closely correlated to the scoring metrics and can be
inferred. Since the password checkers are publicly available, attackers can easily make use of
the password checkers to learn the password characteristics distribution that is shaped by the
password checkers.

DISADVANTAGES OF THE EXISTING SYSTEM:

 The existing system is very time consuming.

 Lots of man power is required in the existing system.
 The existing system is not very efficient.
 Password generation is based on static checker. So there is a chance to crack
password.
 Passwords have same patterns when it is generated by using static method.

1.2. DEFINITION OF PROBLEM:

The existing system provide a password-strength measure, namely a password strength

checker. While critical requirements for a password checker to be stringent have prevailed
in the study of password security, we show that regardless of the stringency, such static

Department of Computer Science,KMM College of Arts and Science |2

Dynamic password policy generation system

checkers can leak information and actually help the adversary enhance the performance of
their attacks. The Existing checkers do not demonstrate effective or uniform
characterization of strong passwords. The password strength checkers simply cannot
demand users to create passwords that are too complex. By defining a set of password
creation policies and showing users password strength scores, password checkers can exert
a strong bias on password characteristics, especially when the policies and scoring
mechanisms remain static. The passwords registered to a database are largely similar to the
specific password patterns enforced by the associated checker. Although password
checkers vary among websites, they inevitably rely on similar rules that focus on specific
password properties. So, a system that overcomes the limitations of the existing system
and it should be developed.

1.3 PROPOSED SYSTEM:

The proposed system can check the password strength using machine learning technique. If
the system predict password strength as weak, then system generate some dynamic policy to
generate a strong password. The policy changes every time. The policies are unknown to
users because each time a new policy is created for every user. System automate the policy
generation to generate strong password rather than forcing all users to create extremely
complex passwords, here the focus on the overall strength of the password. The Dynamic
Password Policy Generator, namely DPPG, is an alternative to traditional password strength
checkers.

DPPG is a diversity-based application that generates password creation policies dynamically

for the users. Instead of purely focusing on the complexity of candidate passwords, DPPG
enforces a baseline complexity on the passwords (e.g., more than 6 characters long) to protect
them from simple attacks, e.g., dictionary, brute-forcing. However, more focus is put on
protecting the password distribution within a database by preventing aggregation of similar
passwords that form a characteristically biased distribution. As long as a candidate password
meets the policy, it is accepted and no additional feedback about the strength of th password
is provided.

Department of Computer Science,KMM College of Arts and Science |3

Dynamic password policy generation system

DPPG is the first password policy generator that can generate password policies dynamically
according to the current password distribution. Since the policies generated by DPPG are
dynamic and unpredictable, the attacker will find it extremely difficult, and impossible, to
learn the system or the inner password distribution. The policies themselves are in different
formats and only contain information that is ideally contrary to the distribution in the
database, because DPPG always tries to balance the current distribution and expanding
password space. Through the characteristics analysis and the attack-based evaluation, the
password datasets created with DPPG are diverse and relatively robust to training-based
cracking attacks. Furthermore, the usability of DPPG is not sacrificed for dynamic policies
according to our user study, which makes DPPG practical to use. Therefore, DPPG can be a
more secure alternative to current password strength checkers in terms of protecting password
distribution information and preventing crafted training-based offline attack.

ADVANTAGES OF THE PROPOSED SYSTEM:

 The dynamic password policy generator is more efficient than static checker
 The DPPG is not time consuming
 Only Less man power is required in the DPPG.
 The system generate dynamic policy each time.
 The DPPG provide high security because of dynamic policy.

Department of Computer Science,KMM College of Arts and Science |4

Dynamic password policy generation system

2. PROJECT OVERVIEW

2.1. OBJECTIVE OF THE PROJECT

Major objective of this project is to provide a new system which can predict the strength
of the passwords entered by the user using the machine learning technique. The Dynamic
Password Policy Generator, namely DPPG, to be an effective and usable alternative to the
existing password strength checker. DPPG aims to enforce an evenly-distributed password
space and generate dynamic policies for users to create passwords that are diverse and that
contribute to the overall security of the password database. Since DPPG is modular and can
function with different underlying metrics for policy generation, DPPG is the first password
policy generator that can generate password policies dynamically according to the current
password distribution. Since no password strength feedback is returned and the policies
generated by DPPG are dynamic and unpredictable, the attacker will find it extremely
difficult, if not impossible, to learn the system or the inner password distribution.

2.2. STAKE HOLDER

The proposed system has following stakeholders;

User: The user can enter passwords to the system and check the strength of the entered
password. If the entered password is weak password then the system will generate dynamic
policies for the user to generate a new strong password.

2.3. SCOPE OF THE PROJECT

The proposed system can be implemented on any websites or application where password
is required. The proposed system can check the password strength using machine learning
technique. If the system predict password strength as weak, then system generate some

Department of Computer Science,KMM College of Arts and Science |5

Dynamic password policy generation system

dynamic policy to generate a strong password. The policy changes every time. The policies
are unknown to users because each time a new policy is created for every user. System
automate the policy generation to generate strong password rather than forcing all users to
create extremely complex passwords, here the focus on the overall strength of the password.
It is an alternative to traditional password strength checkers. It aims to enforce an evenly-
distributed password space and generate dynamic policies for users to create passwords that
are diverse and that contribute to the overall security of the password database.

2.4 FEASIBILITY ANALYSIS

Feasibility study is the initial design stage of any project, which brings together the elements
of knowledge that indicate if a project is possible or not. A feasibility study includes an
estimate of the level of expertise required for a project and who can provide it, quantitative
and qualitative assessments of other essential resources, identification of critical points, a
general timetable, and a general cost estimate

2.4.1.TECHNICAL FEASIBILITY

Technical feasibility study is the complete study of the project in terms of input, processes,
output, fields, programs and procedures. It is a very effective tool for long term planning
and trouble shooting. The technical feasibility study should most essentially support the
financial information of an organization.
As coming to the project, the most essential factor for this system is its data set. The
system predicts the performance based on this dataset. The data set contains data field and
these data field contains many different types of password. Based on these data, the system
can predict whether the password is strong or weak. To train the machine with the dataset,
it may take time depending upon the size of the dataset. If it is larger, the system will be
efficient. For the classifications, system uses naive bias classifier. System will choose
different techniques based on the dataset collected. The system is developed in python. It is
an open source language and it is platform independent. So it is easy to work with it and it
can be implemented anywhere. It is also an open source platform. As taking the above

Department of Computer Science,KMM College of Arts and Science |6

Dynamic password policy generation system

points, the system is technically feasible.

2.4.2.OPERATIONAL FEASIBILITY

Operational feasibility refers to the measure of solving problems with the help of a new
proposed system. It helps in taking advantage of the opportunities and fulfills the
requirements as identified during the development of the project. It takes care that the
users support the project.
As coming to the project, to work with the system smoothly, it needs a dataset with different
types of combinations of passwords. The different types of classification makes the
prediction more accurate. For such types of calculations, the system needs a large dataset. A
high-performance system is needed for that. If a system with high performance is available,
the system will be operationally feasible. All the operations can be done smoothly and
efficiently.

2.4.3.SCHEDULE FEASIBILITY

A schedule feasibility study will take into account the period in which the project is going
to take up to its completion. A project will fail if it takes too long to be completed before it
is useful. Typically, this means estimating how long the system will take to develop, and if
it can be completed in a given time period using some methods like payback period.
Schedule feasibility is a measure of how reasonable the project timetable is.
As coming to the project, the first step is the data set collection. It needs 4-5 Days as time
duration. After getting the dataset, it must be trained in the system. It is a long process and
it will take some time. The time duration which a system takes is purely depend upon the
system specifications and the size of the dataset. If the dataset is very large and the system
has high performance, time duration for the training will decrease. Otherwise, it will take
more time. For the coding phase, it needs around 40-50 days. Testing phase can take a
week as the time period. So, the overall project can be finished within 3 months.

2.4.4.ECONOMIC FEASIBILITY

Department of Computer Science,KMM College of Arts and Science |7

Dynamic password policy generation system

Economic feasibility analysis is the most commonly used method for determining the
efficiency of a new project. It is also known as cost analysis. It helps in identifying profit
against investment expected from a project. Cost and time are the most essential factors
involved in this field of study.
As coming to the project, definitely it has some expenditure. The system uses python as
front end. It is open source and it doesn’t need any cost. But, for the development, it needs a
high-performance system. Such systems will have a cost. The system will have a
development cost. But its benefits can surely overcome this cost. The implementation cost
can also be overcome by the benefits. So the system is economically feasible

2.4.5.COST-BENEFIT ANALYSIS

A cost-benefit analysis is a process business use to analyse decisions. The business or

analyst sums the benefits of a situation or action and then subtracts the costs associated with
taking that action. Like previously said, the system has a development cost. It depends on
the system specifications. For the training and testing it need a high-performance system. It
will have a powerful processor, which can perform the operations faster, and a RAM, which
has a high storage capacity etc. For all of these, the system will have amount of cost which
can be consider as the development cost. The system needs more amounts of man hours for
the development. It also considers as development cost. Training with the dataset takes more
amount of time and it also has a training cost. But the system is faster than the usual system
and is more efficient also. By using the system, user can understand whether his password is
strong or weak without worrying about the attack. The system’s benefits are actually
overcoming its cost and makes the system economically feasible.

Department of Computer Science,KMM College of Arts and Science |8

Dynamic password policy generation system

3.HIGH LEVEL SYSTEM ANALYSIS

3.1. USER CHARACTERISTICS

User

There is only one user in the system. The user can input password to see whether the entered
password is strong or weak. This is carried out by using machine learning technique. If the
entered password is weak then system generate some dynamic policy to generate a strong
password. The policy change every time. The policies are unknown to users because each
time a new policy is created for every user. System automate the policy generation to
generate strong password rather than forcing all users to create extremely complex
passwords.

3.2. FUNCTIONAL REQUIREMENTS

It essentially specifies something the system should do. Typically, functional

requirements specify behaviour or functions of a software.

1. Dataset: Details of marks which is acquired by the student.

2. TF Libraries: Tensor Flow is a free and open-source software library for

dataflow and differentiable programming across a range of tasks. It is a symbolic
math library.

3. NumPy packages: NumPy is a library for the Python programming language,

adding support for large, multi-dimensional arrays and matrices, along with a
large collection of high-level mathematical functions to operate on these arrays.

4. SciPy packages: SciPy library is one of the core packages that make up the
SciPy stack. It provides many user-friendly and efficient numerical routines such

Department of Computer Science,KMM College of Arts and Science |9

Dynamic password policy generation system

as routines for numerical integration, interpolation, optimization, linear algebra

and statistics.

5. TFIDF: It is used for feature extraction from the dataset

6. Classifiers: The system has Naïve bayes classification method.

3.3. NON-FUNCTIONAL REQUIREMENTS

Non-Functional requirements specify how the system should works and it is a

constraint upon the systems behavior.
1. Platform: Our system can be developed on both Windows and Linux using
python.
2. Accessibility: Accessibility is the design of products, devices, services, or
environments for people with disabilities. Can be accessible for user.
3. Quality: Satisfies the customer expectations.

4. Efficiency: Efficient performance of the system.

5. Testability: If the testability of the software artefact is high, then finding faults
in the system (if it has any) by means of testing is easier.

6. Cost: Cost and benefit of the system should be in a balanced state

3.4. USE CASES

Use case is a list of actions or event steps typically defining the interactions between a
role (known in the Unified Modeling Language as an actor) and a system to achieve a goal.
The actor can be a human or other external system. In systems engineering use cases are
used at a higher level than within software engineering often representing missions or
stakeholder goals. The detailed requirements may then be captured in the Systems Modeling
Language (SysML) or as contractual statements.

USER:

The user can input password to see whether the entered password is strong or weak

Department of Computer Science,KMM College of Arts and Science | 10

Dynamic password policy generation system

4.SYSTEM MODELLING

4.1. USE CASE DIAGRAM

Department of Computer Science,KMM College of Arts and Science | 11

Dynamic password policy generation system

4.2 ACTIVITY DIAGRAM

Department of Computer Science,KMM College of Arts and Science | 12

Dynamic password policy generation system

4.3 SEQUENCE DIAGRAM.

result

result

Department of Computer Science,KMM College of Arts and Science | 13

Dynamic password policy generation system

4.4.THEORETICAL BACKGROUND

4.4.1. PYTHON 2.7

Python is an interpreted , high-level, general-purpose programming language. Created by

Guido van Rossum and first released in 1991, Python's design philosophy emphasizes code
readability with its notable use of significant whitespace. Its language constructs and object-
oriented approach aim to help programmers write clear, logical code for small and large-
scale projects.

Python is dynamically typed and garbage-collected. It supports multiple

programming paradigms, including procedural, object-oriented, and functional
programming. Python is often described as a "batteries included" language due to its
comprehensive standard library.

Python interpreters are available for many operating systems. A global community of
programmers develops and maintains CPython, an open source reference
implementation. A non-profit organization, the Python Software Foundation, manages
and directs resources for Python and CPython development.

As of March 2018, the Python Package Index (PyPI), the official repository for third-
party Python software, contains over 130,000 packages with a wide range of
functionality, including:

 Graphical user interfaces

 Web frameworks

 Multimedia

 Databases

 Networking

 Test frameworks

 Automation

 Web scraping

Department of Computer Science,KMM College of Arts and Science | 14

Dynamic password policy generation system

 Documentation

 System administration

 Scientific computing

 Text processing

 Image processing

4.4.2. DJANGO

Django is a free and open source web application framework written in Python. A
framework is nothing more than a collection of modules that make development easier.
They are grouped together, and allow you to create applications or websites from an
existing source, instead of from scratch.

This is how websites - even simple ones designed by a single person - can still include
advanced functionality like authentication support, management and admin panels,
contact forms, comment boxes, file upload support, and more. In other words, if you were
creating a website from scratch you would need to develop these components yourself.
By using a framework instead, these components are already built, you just need to
configure them properly to match your site. The official project site describes Django as
"a high-level Python Web framework that encourages rapid development and clean,
pragmatic design. Built by experienced developers, it takes care of much of the hassle of
Web development, so you can focus on writing your app without needing to reinvent the
wheel. It’s free and open source." Django offers a big collection of modules which you
can use in your own projects. Primarily, frameworks exist to save developers a lot of
wasted time and headaches and Django is no different.

Django was created in the fall of 2003, when the web programmers at the Lawrence
Journal- World newspaper, Adrian Holovaty and Simon Willison, began using Python to
build applications. It was released publicly under a BSD license in July 2005. The
framework was named after guitarist Django Reinhardt. In June 2008, it was announced
that a newly formed Django Software Foundation (DSF) would maintain Django in the
future.

Department of Computer Science,KMM College of Arts and Science | 15

Dynamic password policy generation system

5. SYSTEM DESIGN

5.1 MODULE DESCRIPTION

The modules are:

 Preprocessing
 Feature extraction
 Classification
 Training
 Testing
 Password generation based on dynamic policy (if password is weak)

Pre-processing: The dataset can be used in machine learning techniques. The dataset consist
of available password combinations both strong and weak. The system can learn password
strength based on this available dataset. The pre-processing steps helps to remove unwanted
noises from the dataset and convert it into a format that is understood by the system.

Feature Extraction: The passwords available in the dataset have their own features. The
feature extraction steps helps to gather the features of the password in the given dataset. it
helps to gather the feature of the password like the length ,character combination etc of the
password.

Classification: The classification can be performed using naive bayes classifier. The
classifier can be used to split our dataset for both training and testing. The classifier work
based on probability distribution.

Training: The training process is carried out by using machine learning technique. The
training process makes the system learn new things from the available dataset. The features
of each password can be extracted and learned through the training process. A model file will
be created after training process. The model file include features of password.

Department of Computer Science,KMM College of Arts and Science | 16

Dynamic password policy generation system

Testing: The testing process helps to check whether the given password is strong or not. The
model file can be used to predict whether the password is strong or not.

Password Generation: The weak password can’t be able to produce security. There will be
certain policy to generate a strong password. This module can be used when the password
strength is poor or weak.

5.2 INPUT DESIGN

The input design is the link between the information system and the user. It comprises the
developing specification and procedures for data preparation and those steps are necessary to
put the data in to a usable form for processing can be achieved by inspecting the computer to
read data from a written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount of input
required, controlling the errors, avoiding delay, avoiding extra steps and keeping the process
simple. The input is designed in such a way so that it provides security and ease of use with
retaining the privacy. Input Design considered the following things:

 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error occur.

1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.

2. It is achieved by creating user-friendly screens for the data entry to handle

large volume of data. The goal of designing input is to make data entry easier and

Department of Computer Science,KMM College of Arts and Science | 17

Dynamic password policy generation system

to be free from errors. The data entry screen is designed in such a way that all the
data manipulates can be performed. It also provides record viewing facilities.

3. When the data is entered it will check for its validity. Data can be entered with
the help of screens. Appropriate messages are provided as when needed so that
the user will not be in maize of instant. Thus the objective of input design is to
create an input layout that is easy to follow.

5.3. DATASET

The training data set in Machine Learning is the actual dataset used to train the model
for performing various actions. This is the actual data the ongoing development process
models learn with various API and algorithm to train the machine to work automatically.

First task is to extract the dataset suitable for prediction. For this, we have collected
different passwords. Data set includes passwords and its strength range. The strength
range is labeled as one and two. The weak password is labeled as one and the strong
password is labeled as two. After the extraction of data, then it is trained by the system.

Department of Computer Science,KMM College of Arts and Science | 18

Dynamic password policy generation system

5.4 OUTPUT DESIGN

A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to
other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and
direct source of information to the user. Efficient and intelligent output design improves the
system’s relationship to help user in decision-making.

1. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.

2. Select methods for presenting information.

3. Create document, report, or other formats that contain information produced by the system.

The output form of an information system should accomplish one or more of the following
objectives.

 Convey information about past activities, current status or projections of the Future.
 Signal important events, opportunities, problems, or warnings.
 Trigger an action.

Department of Computer Science,KMM College of Arts and Science | 19

Dynamic password policy generation system

 Confirm an action.

5.5 USER INTERFACE DESIGN

Form 1

Form 2

Department of Computer Science,KMM College of Arts and Science | 20

Dynamic password policy generation system

Form 3

Form 4

Department of Computer Science,KMM College of Arts and Science | 21

Dynamic password policy generation system

Form 5

Form 6

Department of Computer Science,KMM College of Arts and Science | 22

Dynamic password policy generation system

6. CODING

6.1 STANDARDIZATION OF CODING

It is seen that good quality software and code is not as easy as pie. It requires
consistent efforts and sheer focus of the software development team to meet the
quality goals. This is an essential thing for the software project. The developers are
often seen side-stepping the quality standards when they are required to complete their
tasks in a short span of time.
Coding Standards:
They are a series of procedures that can be defined for a particular programming
language specifying a programming style, the methods, & different procedures. These
procedures can be for various aspects of the program written in that language. They
can be considered as essential attributes of software development. A coding standard
makes sure that all the developers working on the project are following certain
specified guidelines. The code can be easily understood and proper consistency is
maintained.
Consistency has a positive impact on the quality of the program and one should
maintain it while coding. Also, it should be taken care that the guidelines are
homogeneously followed across different levels of the system and they do not
contradict each other. The finished program code should look like that it has been
written by a single developer, in a single session.
Why coding standards are important?
If the coding standards are not defined, developers could be using any of their own
methods, which might lead to certain negative effects such as:
Security Concerns
Software becomes vulnerable to attacks if it is inconsistent, contains bugs and errors
in logic. Most of the aforementioned problems arise due to the faulty programming
code that might have resulted from poor coding practices.
Performance Issues

Department of Computer Science,KMM College of Arts and Science | 23

Dynamic password policy generation system

Poor coding has an adverse effect on the performance of the site. The performance
issues comprise a multitude of things like when the user is interacting with the site,
server response issues, reusability & flow of the code, etc.When the coding standards
are implemented, these problems can be easily overcome giving you a secure site with
minimum or no performance issues. While formulating a code, the following should
be kept in mind The code should be easy to be read, for this:Try to define different
sections of the code by segmenting blocks of code into a paragraph Make use of
indentation for indicating the start and end of the control structures along with a clear
specification of where the code is between them There should be consistency in the
naming convention of the variables throughout the code. Also, the data should be
described that is there in the code Name the functions according to what they perform
The code should be such that one should be able to understand it even after returning
to it after some time gap, without that person having to look at every line of it
Follow a specific method for commenting on the work
The language functions that are complex or the structure that is difficult to be
comprehended should be avoided There are many advantages to the following coding
standards while coding the software.

6.2 ERROR HANDLING

Error handling helps in handling both hardware and software errors gracefully and helps
execution to resume when interrupted. When it comes to error handling in software, either the
programmer develops the necessary codes to handle errors or makes use of software tools to
handle the errors. In cases where errors cannot be classified, error handling is usually done
with returning special error codes. Special applications known as error handlers are available
for certain applications to help in error handling. These applications can anticipate errors,
thereby helping in recovering without actual termination of application.

There are four main categories of errors:

Logical errors

Generated errors

Department of Computer Science,KMM College of Arts and Science | 24

Dynamic password policy generation system

Compile-time errors

Runtime errors

Error-handling techniques for development errors include rigorous proofreading. Error-

handling techniques for logic errors or bugs is usually by meticulous application debugging
or troubleshooting. Error-handling applications can resolve runtime errors or have their
impact minimized by adopting reasonable countermeasures depending on the environment.
Most hardware applications include an error-handling mechanism which allows them to
recover gracefully from unexpected errors.

As errors could be fatal, error handling is one of the crucial areas for application designers
and developers, regardless of the application developed or programming languages used. In
worst-case scenarios, the error handling mechanisms force the application to log the user off
and shut down the system.

Python has many built-in exceptions which forces your program to output an error when
something in it goes wrong.

When these exceptions occur, it causes the current process to stop and passes it to the calling
process until it is handled. If not handled, our program will crash.

6.3 PARAMETERS PASSING

The mechanism used to pass parameters to a procedure (subroutine) or function. The most
common methods are to pass the value of the actual parameter (call by value), or to pass the
address of the memory location where the actual parameter is stored (call by reference). The
latter method allows the procedure to change the value of the parameter, whereas the former
method guarantees that the procedure will not change the value of the parameter. Other more
complicated parameter-passing methods have been devised, notably call by name in Algol 60,
where the actual parameter is re-evaluated each time it is required during execution of the
procedure.

Department of Computer Science,KMM College of Arts and Science | 25

Dynamic password policy generation system

6.4 VALIDATION CHECKS

Validation is an automatic check to ensure that data entered is sensible and feasible.
Validation cannot ensure data is accurate.
When programming, it is important that you include validation for data inputs. This stops
unexpected or abnormal data from crashing your program and prevents you from receiving
impossible garbage outputs.

Validation methods and Description

 Range check : Checks the data falls between an acceptable upper and lower value,
within a set range
 Type check : Checks that the data entered is of an expected type, e.g. text or a
number
 Length check : Checks the number of characters meets expectations, e.g. an 8
character password
 Presence check : Checks that the user has at least inputted something, stopping them
from accidentally entering nothing
 Check digit : An extra digit added to a number which is calculated from the other
digits, this ensures the rest of the number has been entered properly

Department of Computer Science,KMM College of Arts and Science | 26

Dynamic password policy generation system

7. TESTING

7.1 TEST CASES

A test case is a document that has a set of test data predictions and expected results and post
conditions, devloped for a perticular test scenario in order to varify complaince against a
specific requirement Test case acts as starting point of test execution and after applying a set
of input values, the application has a definitive outcome and leaves the system at some point
or also known as execution post condition
Following is the basic test cases use in this project testing

Test case Input Expected result Result obtained Pass/fail Reason

Enter password Weak Password Weak password Strong password Failed Code is not
message working
properly

Enter password Strong Weak password Weak password Pass Code is

password message working
properly

Enter password Strong Strong Strong password passed Code is

password password working
message
properly

Testing is a process of executing a program with the aim of finding error. To make our
software perform well it should be error free.If testing is done successfully it will remove all
the errors from the software.The system undergoes experimental testing so as to check that
the system does not fail i.e. to check whether the required system is running according to
specification and user expectation. System testing also tests to find discrepancies between the
system and its original objective, current specification and systems documentation

Department of Computer Science,KMM College of Arts and Science | 27

Dynamic password policy generation system

7.1.1.TEST TYPES

The basic levels are unit testing, integration testing, system testing and acceptance testing.
These different levels of testing attempt to detect different types of faults.
The different levels of testing are as follows:

7.1.2.UNIT TESTING
Unit testing include focuses at the very lowest level of software design. Modules are tested
separately. Unit testing is essential for verification of the code produced during the coding
phase, and hence the goal is to test the internal logic of the modules
We have tested the code of each activity that contains various events of objects for various
test cases. For each unit we made sure that the results produced are accurate and not found
any abnormal conditions in our project.
In this testing we test each modules individually and are tested separately for each functions
and methods . After this testing it was clear that satisfactory as regard to the expected output
from the module.

7.1.3.INTEGRATION TESTING:

Integration testing involves bottom – up integration, top – down integration and sandwich
integration strategy. Bottom up integration the traditional strategy used to integrate the
components of software system into a functioning whole.
Top – down integration starts with the main routine and one or two immediate subroutines in
the system structure. Sandwich integration is predominantly top-down, but bottom-up
techniques are used in some modules and sub systems.
Integration testing ensured that the model is able to uncover errors with the interface. For
integration testing sample data were used and the results were satisfactory. The integration
testing checks the overall system performs.
The Model is working efficiently and user-friendly no complexity is seen while the testing. In
this phase each and every module of the system is tested with all the possible inputs. And the
whole system is tested finally.

Department of Computer Science,KMM College of Arts and Science | 28

Dynamic password policy generation system

7.1.4.SYSTEM TESTING:
Acceptance testing involves planning and execution of functional tests, performance tests and
stress tests in order to demonstrate the implemented system satisfies its requirements.
Model we created are satisfying the user need, confirm to its requirements and design
satisfaction and exhibits an absence of errors.

7.1.5WHITE BOX TESTING:

White Box testing, sometimes called glass box, is a test case design method that uses the
control structure of the procedural design to derive test cases. Using white box testing
methods, we can derive test case that

 Guarantee that all independent paths with a module have been exercised at least once.
 Exercise all logical decisions on their true and false sides.
 Execute all loops at their boundaries and within their operational bounds.
 Exercise internal data structures to ensure their validity.

Through this testing each module are individually tested and examine that each module work
correctly. In each activity, there were loops and that loops are also individually tested.

7.1.6.BLACK BOX TESTING:

Black box testing focuses on the functional requirements of the software. That is, black box
testing enables the software engineer to derive sets of input conditions that will fully exercise
all functional requirements for a program.

Black Box testing is not an alternative to white box testing. Rather it is a complementary
approach that is likely to uncover a different class of errors than white box method.

Black Box testing attempts to find errors in the following categories.

 Incorrect or missing functions

 Interface errors

Department of Computer Science,KMM College of Arts and Science | 29

Dynamic password policy generation system

 Error in data structures

 Performance errors
 Initialization and termination errors.
In most of the application, the errors occur due to the database structure and the incorrect
access. But in our project, there is no usage of the database so there is no condition of errors.
The programs are looked correctly and the functions are correctly placed.

System Validation

Validation testing can be defined in many ways, but a simple definition is that validation
succeeds when the software function is in a manner that is reasonably expected by the
customer. The process of evaluating software during the development process or at the end of
the development process to determine whether it satisfies specified business requirements.

Validation Testing ensures that the product actually meets the client's needs. It can also be
defined as to demonstrate that the product fulfills its intended use when deployed on
appropriate environment.

It answers to the question, Are we building the right product?

7.2 SAMPLE CODE USED FOR TESTING

from django.shortcuts import render

from sklearn.externals import joblib
import random

def index(request):
return render(request,'index.html',{})

def check_password(request):

try:

Department of Computer Science,KMM College of Arts and Science | 30

Dynamic password policy generation system

symbol = 0
lower = 0
upper = 0
number = 0
count = 0
password = []

paswd=request.POST.get("password")
print("password",paswd)
NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')
print("model loaded")
pass_word = [paswd]
NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)
print("tested output",NaiveBayes_Test)
output=NaiveBayes_Test[0]

if output==1:
out="Weak"
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)

Department of Computer Science,KMM College of Arts and Science | 31

Dynamic password policy generation system

password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
word = "".join([chr(c) for c in password])
## print("generated password",word)
elif output==2:
out="Strong"
word="Strong Password"
else:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)

Department of Computer Science,KMM College of Arts and Science | 32

Dynamic password policy generation system

elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
print("########################")
print("generated password",word)
print("output label",out)
return render(request,'index.html',{'out':out,'passw':word})

except Exception as err:

return render(request,'index.html',{})

Department of Computer Science,KMM College of Arts and Science | 33

Dynamic password policy generation system

8.SYSTEM SECURITY MEASURES

8 1.DATABASE SECURITY MEASURES

Database security refers to the various measures organizations take to ensure their databases
are protected from internal and external threats. Database security includes protecting the
database itself, the data it contains, its database management system, and the various
applications that access it. Organizations must secure databases from deliberate attacks such
as cyber security threats, as well as the misuse of data and databases from those who can
access them.

Security concerns for internet-based attacks are some of the most persistent challenges to
database security. Hackers devise new ways to infiltrate databases and steal data almost daily.
Organizations must ensure their database security measures are strong enough to withstand
these attacks.

Some of these cyber security threats can be difficult to detect, like phishing scams in which
user credentials are compromised and used without permission. Malware and ransomware are
also common cyber security threats.

Another critical challenge for database security is making sure employees, partners, and
contractors with database access don’t abuse their credentials. These exfiltration
vulnerabilities are difficult to guard against because users with legitimate access can take data
for their own purposes. Organizations must also make sure users with legitimate access to
database systems and applications are only privy to the information they need for work.
Otherwise, there’s greater potential for them to compromise database security.

8.2. CREATION OF USER PROFILES AND ACCESS RIGHTS

User, role, and access management are three different types of permissions commonly found
within project management software. Permissions determine what information users can view
and edit within the software.flexible and customizable permissions allow you to maintain the
appropriate balance of collaboration and control,

Department of Computer Science,KMM College of Arts and Science | 34

Dynamic password policy generation system

User management allows you to manage permissions at the level of an individual user. user
management enables you to select exactly what users can see and edit.
In this project the is no limit in access rights and permission for Users The users can create
and maintain interaction with all segments in the application

Department of Computer Science,KMM College of Arts and Science | 35

Dynamic password policy generation system

9.TRANSITION

9.1 SYSTEM IMPLEMENTATION

The implementation phase of the software development is concerned with translating design
specification into source code. The user tests the developed system and changes are made
according to their needs. Our system has been successfully implemented. Before
implementation several tests have been conducted to ensure that no errors are encountered
during the operation. The implementation phase ends with an evaluation of the system after
placing into the operation for a period of time.

The process of putting the developed system in actual use is called system implementation.
This includes all those activities that take place to convert from old system to new system.
The system can be implemented only after testing is done and is found to be working to
specifications. The implementation stage is a systems project in its own right. The
implementation stage involves following tasks:

 Careful planning.
 Investigation of system and constraints.
 Design of method to achieve change over.
 Evaluation of the changeover method.

Department of Computer Science,KMM College of Arts and Science | 36

Dynamic password policy generation system

9.2.SYSTEM MAINTENANCE

After the implementation of a product or system, that should be maintained by the

developers. The system should take place some updations in various levels of the product
according to the user suggestions. The updation may be in coding, user interface etc. The
code can be more optimized or the user interface can be more user friendly and easy to
interact with the customers.

In the case of this system, the accuracy and efficiency can be improved according to the
changing technologies. The User Interface can also be changed into more user friendly one.
Some more features can be added to the system for its simplicity and efficiency. To use the
system easily by the users, developers provided a user manual with the system. It includes
how to use the system to use its several process For the purpose of convenience, maintenance
may be categorized into three classes they are:

9.2.1.CORRECTIVE MAINTENANCE

This type of maintenance implies removing errors in a program, which might have kept in the
system due to faulty design or wrong assumption.

9.2.2.ADAPTIVE MAINTENANCE

In adaptive maintenance program functions are changed to enable the information system to
satisfy the information needs of the user.

9.2.3.PERFECTIVE MAINTENANCE

In perfective maintenance means adding new programs or modifying the existing programs to
enhance the performance of the information system. This type of maintenance under taken to

Department of Computer Science,KMM College of Arts and Science | 37

Dynamic password policy generation system

respond to user addition needs which may be due to the changes within or outside of the
organization.

Department of Computer Science,KMM College of Arts and Science | 38

Dynamic password policy generation system

10 ANNEXURE

10.1. DOCUMENT GLOSSARY

Terms Definition
NumPy It is a library for the Python programming language,
adding support for large, multi-dimensional arrays
and matrices, along with a large collection of high-
level mathematical functions to operate on these
arrays.

Marlov Model Used to recognize patterns ,make prediction and to

learn the ststistics of sequential data

Django Django is a free and open source web application

framework written in Python. A framework is
n0othing more than a collection of modules that
make development easier.

10.2 SAMPLE PROJECT CODE

from django.shortcuts import render

from sklearn.externals import joblib
import random

def index(request):
return render(request,'index.html',{})

Department of Computer Science,KMM College of Arts and Science | 39

Dynamic password policy generation system

def check_password(request):

try:

symbol = 0
lower = 0
upper = 0
number = 0
count = 0
password = []

paswd=request.POST.get("password")
print("password",paswd)
NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')
print("model loaded")
pass_word = [paswd]
NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)
print("tested output",NaiveBayes_Test)
output=NaiveBayes_Test[0]

if output==1:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1

Department of Computer Science,KMM College of Arts and Science | 40

Dynamic password policy generation system

b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
## print("generated password",word)
elif output==2:
out="Strong"
word="Strong Password"
else:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1

Department of Computer Science,KMM College of Arts and Science | 41

Dynamic password policy generation system

b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
print("########################")
print("generated password",word)
print("output label",out)
return render(request,'index.html',{'out':out,'passw':word})

except Exception as err:

return render(request,'index.html',{})

Department of Computer Science,KMM College of Arts and Science | 42

Dynamic password policy generation system

from django.shortcuts import render

from sklearn.externals import joblib

import random

# Create your views here.

def index(request):

return render(request,'index.html',{})

def check_password(request):

try:

symbol = 0

lower = 0

upper = 0

number = 0

count = 0

password = []

paswd=request.POST.get("password")

Department of Computer Science,KMM College of Arts and Science | 43

Dynamic password policy generation system

print("password",paswd)

NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')

print("model loaded")

pass_word = [paswd]

NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)

print("tested output",NaiveBayes_Test)

output=NaiveBayes_Test[0]

if output==1:

out="Weak"

#randomly select ascii character classes and individual characters

length = random.randrange(6,10)

length = 128 if length is '' else int(length)

while count < length:

rand = random.randint (0,3)

if rand == 0:

lower += 1

b = int(random.randint (97,123))

password.append(b)

elif rand == 1:

upper += 1

b = random.randint (65,91)

password.append(b)

Department of Computer Science,KMM College of Arts and Science | 44

Dynamic password policy generation system

elif rand == 2:

number += 1

b = random.randint (48,58)

password.append(b)

elif rand == 3:

r = random.randint(0,2)

symbol += 1

if r == 0:

b = random.randint (33,48)

password.append(b)

elif r == 1:

b = random.randint (91,97)

password.append(b)

elif r == 2:

b = random.randint (123,126)

password.append(b)

count += 1

#convert ascii code to characters

word = "".join([chr(c) for c in password])

## print("generated password",word)

elif output==2:

out="Strong"

word="Strong Password"

Department of Computer Science,KMM College of Arts and Science | 45

Dynamic password policy generation system

else:

out="Weak"

#randomly select ascii character classes and individual characters

length = random.randrange(6,10)

length = 128 if length is '' else int(length)

while count < length:

rand = random.randint (0,3)

if rand == 0:

lower += 1

b = int(random.randint (97,123))

password.append(b)

elif rand == 1:

upper += 1

b = random.randint (65,91)

password.append(b)

elif rand == 2:

number += 1

b = random.randint (48,58)

password.append(b)

elif rand == 3:

r = random.randint(0,2)

symbol += 1

if r == 0:

Department of Computer Science,KMM College of Arts and Science | 46

Dynamic password policy generation system

b = random.randint (33,48)

password.append(b)

elif r == 1:

b = random.randint (91,97)

password.append(b)

elif r == 2:

b = random.randint (123,126)

password.append(b)

count += 1

#convert ascii code to characters

word = "".join([chr(c) for c in password])

print("########################")

print("generated password",word)

print("output label",out)

return render(request,'index.html',{'out':out,'passw':word})

# Import the necessary Libraries

import pandas as pd

# For text feature extraction

from sklearn.feature_extraction.text import TfidfVectorizer

# For creating a pipeline

from sklearn.pipeline import Pipeline

Department of Computer Science,KMM College of Arts and Science | 47

Dynamic password policy generation system

# Classifier Model (Naive Bayes)

from sklearn.naive_bayes import BernoulliNB

# To save the trained model on local storage

from sklearn.externals import joblib

# Read the File

data = pd.read_csv('training.csv')

# Features which are passwords

features = data.values[:, 1].astype('str')

# Labels which are strength of password

labels = data.values[:, -1].astype('int')

# Sequentially apply a list of transforms and a final estimator

classifier_model = Pipeline([

('tfidf', TfidfVectorizer(analyzer='char')),

('bernoulliNB',BernoulliNB()),

])

# Import the necessary Libraries

import pandas as pd

Department of Computer Science,KMM College of Arts and Science | 48

Dynamic password policy generation system

# For text feature extraction

from sklearn.feature_extraction.text import TfidfVectorizer

# For creating a pipeline

from sklearn.pipeline import Pipeline

# Classifier Model (Naive Bayes)

from sklearn.naive_bayes import BernoulliNB

# To save the trained model on local storage

from sklearn.externals import joblib

# Read the File

data = pd.read_csv('training.csv')

# Features which are passwords

features = data.values[:, 1].astype('str')

# Labels which are strength of password

labels = data.values[:, -1].astype('int')

# Sequentially apply a list of transforms and a final estimator

Department of Computer Science,KMM College of Arts and Science | 49

Dynamic password policy generation system

classifier_model = Pipeline([

('tfidf', TfidfVectorizer(analyzer='char')),

('bernoulliNB',BernoulliNB()),

])

# Fit the Model

classifier_model.fit(features, labels)

# Training Accuracy

print('Training Accuracy: ',classifier_model.score(features, labels))

# Save model for Logistic Regression

joblib.dump(classifier_model, 'NaiveBayes_Model.joblib')

# Fit the Model

classifier_model.fit(features, labels)

# Training Accuracy

print('Training Accuracy: ',classifier_model.score(features, labels))

# Save model for Logistic Regression

joblib.dump(classifier_model, 'NaiveBayes_Model.joblib')

except Exception as err:

Department of Computer Science,KMM College of Arts and Science | 50

Dynamic password policy generation system

return render(request,'index.html',{})

{% load staticfiles %}
<!DOCTYPE html>
<html>
<head>
<title>Password Strength</title>
<link href="{% static 'css/bootstrap.css' %}" rel='stylesheet' type='text/css' />
<link href="{% static 'css/style.css' %}" rel='stylesheet' type='text/css' />
<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="application/x-javascript"> addEventListener("load", function() {
setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); }
</script>
<script src="{% static 'js/jquery-1.11.0.min.js' %}"></script>
<link rel="stylesheet" href="{% static 'css/flexslider.css' %}" type="text/css" media="screen"
/>
<script src="{% static 'js/modernizr.js' %}"></script>
<!--Start-smoth-scrolling-->
<script type="text/javascript" src="{% static 'js/move-top.js' %}"></script>
<script type="text/javascript" src="{% static 'js/easing.js' %}"></script>
<script type="text/javascript">
jQuery(document).ready(function($) {
$(".scroll").click(function(event){
event.preventDefault();

$('html,body').animate({scrollTop:$(this.hash).offset().top},1000);
});
});
</script>
<!--end-smoth-scrolling-->
<!--animated-css-->

Department of Computer Science,KMM College of Arts and Science | 51

Dynamic password policy generation system

<link href="{% static 'css/animate.css' %}" rel="stylesheet" type="text/css"

media="all">
<script src="{% static 'js/wow.min.js' %}"></script>
<script>
new WOW().init();
</script>
<!--animated-css-->
</head>
<body>
<!--- Header Starts Here --->
<div class="header" id="home">
<div class="container">
<div class="logo">
<h1><a href="#"> DPPG</a></h1>
</div>
<span class="menu"> </span>
<div class="cleare"> </div>
<script>
$( "span.menu" ).click(function() {
$( "ul.navig" ).slideToggle( "slow", function() {
// Animation complete.
});
});
</script>
<div class="navigation">
<ul class="navig">
<li><a class="active" href="#home"
class="scroll">HOME</a></li>

<li><a href="#services" class="scroll">CHECK STRENGTH</a></li>

</ul>

</div>

Department of Computer Science,KMM College of Arts and Science | 52

Dynamic password policy generation system

<div class="clearfix"> </div>

</div>
</div>
<!--- Header Ends Here --->
<!-- Banner Starts Here -->

<div class="banner">
<div class="slider">

<script>window.jQuery || document.write('<script src="{% static "js/libs/jquery-1.7.min.js"

%}">\x3C/script>')</script>
<!--FlexSlider-->
<script defer src="{% static 'js/jquery.flexslider.js' %}"></script>
<script type="text/javascript">
$(function(){
SyntaxHighlighter.all();
});
$(window).load(function(){
$('.flexslider').flexslider({
animation: "slide",
start: function(slider){
$('body').removeClass('loading');
}
});
});
</script>
</div>
</div>
<!-- <div class="about" id="about">
<div class="container">
<div class="about1 clock wow bounceIn">
<div class="col-md-6 ">
<div class="about-top">
</div>

Department of Computer Science,KMM College of Arts and Science | 53

Dynamic password policy generation system

<div class="clearfix"> </div>

</div>
<div class="col-md-6">
<div class="about-bottom">
<a href="#"><p
class="para1">Morbi interdum mollis sapien. Sed ac risus. Phasellus lacinia, magna a
ullamcorper laoreet,lectus arcu pulvinar ricus lorem ipsum dolor</p></a>
<p class="para2">vitae facilisis
libero dolor a purus. Sed vel lacus. Mauris nibh felis , adipiscing varius, adipiscing in,lacinia
vel, tellus. Suspendisse ac urna. Etiam pellentesque mauris ut lectus.</p>
<p class="para3">Suspendisse
mauris. Fusce accumsan mollis eros. Pellentesque a diam sit amet mi ullamcorper vehicula.
integeralesuada.</p>
</div>
</div>
<div class="clearfix"> </div>
</div>
</div>
</div>
<!-- <div class="content" id="services">
<div class="container">
<div class="content-1 clock wow bounceIn">
<div class="col-md-4">
<div class="content-
grids">
<div
class="content-left">

<span class="cnt1"> </span>

</div>
<div
class="content-right">

Department of Computer Science,KMM College of Arts and Science | 54

Dynamic password policy generation system

<h3>CESTIBULUM AUCT</h3>
<P>Praesent dapibus,
neque id cursus fauci-bus, tortor neque egestas augue,euin vulputate magna eros lipsum</P>
<a href="#">MORE</a>
-->
</div>
<div class="clearfix"> </div>
</div>
</div>
<div class="col-md-4">
<div class="content-grids">
<div class="content-left">
<span class="cnt2"> </span>
</div>
<div class="content-right">

</div>
</div>
<div class="clearfix"> </div>
</div>
</div>
</div>
<div class="project">
<div class="container">
<div class="project-1 clock wow bounceIn" id="services">
<!-- <h3>MORBI IN SEM LOREM PLACERAT</h3> -->
<P style="position: relative;right: 15%;">Check Your Password Strength</P>
<form action="{% url 'check_password' %}" method="post">{% csrf_token %}
<input type="text" size="30px" name="password" value="Enter Your Password..."
onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Enter Your
Password...';}">

<input type="submit" value="CHECK">

Department of Computer Science,KMM College of Arts and Science | 55

Dynamic password policy generation system

</form>
</div>
</div>
</div>

<!--Responsive-tabs-Starts-Here-->
<div class="responsive-tabs" id="project">
<div class="container">
<div class="tabs-box clock wow bounceIn">
<!-- <ul class="tabs-menu">
<li><a href="#tab1"><img src="{% static 'images/f.png' %}"
alt="">SED EGEST ASTEET</a></li>
<li><a href="#tab2"><img src="{% static 'images/d.png' %}"
alt="">MORBI INTERDUM</a></li>
<li><a href="#tab3"><img src="{% static 'images/u.png' %}"
alt="">MORBI INTERDUM</a></li>
</ul> -->
<div class="clearfix"> </div>
<div class="tab-grids">

{% if out == "Weak" %}
<p style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">{{out}} Password</p>
<p id="passwd" style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">Generated Password: {{passw}}</p>
{% elif out == "Strong" %}
<!-- <p>{{out}} Password</p> -->
<p id="passwd" style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">{{passw}}</p>
{% elif out == "Nothing" %}

<p id="passwd" style="font-weight: bold;font-size: 25px;position: relative;

left: 40%;">{{passw}}</p>

Department of Computer Science,KMM College of Arts and Science | 56

Dynamic password policy generation system

{% endif %}

<!-- <div id="tab1" class="tab-grid">

<div class="col-md-6 line1">
<img src="{% static 'images/hny.jpg' %}"
alt="">
<p>Sed egestas, ante et vulputate volutpat, eros
pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus adipiscing,
commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor. Sed semper
lorem at felis lorem ipsum dolor.</p>
</div>
<div class="col-md-6 line2">
<img src="{% static 'images/hny1.jpg' %}" alt="">
<p>Lorem egestas, ante et vulputate volutpat,
eros pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus
adipiscing, commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor.
Sed semper at felis lorem ipsum dolor.</p>
</div>
<div class="clearfix"> </div>
</div>
<div id="tab2" class="tab-grid">
<div class="col-md-6 line1">
<img src="{% static 'images/cake.jpg' %}"
alt="">
<p>Sed egestas, ante et vulputate volutpat, eros
pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus adipiscing,
commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor. Sed semper
lorem at felis lorem ipsum dolor.</p>
</div>
<div class="col-md-6 line2">
<img src="{% static 'images/sandwich.jpg' %}"
alt="">
<p>Lorem egestas, ante et vulputate volutpat,
eros pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus

Department of Computer Science,KMM College of Arts and Science | 57

Dynamic password policy generation system

adipiscing, commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor.
Sed semper at felis lorem ipsum dolor.</p>
</div> -->
<div class="clearfix"> </div>
</div>
<!-- <div id="tab3" class="tab-grid">
<div class="col-md-6 line1">
<img src="{% static 'images/melt.jpg' %}"
alt="">
<p>Sed egestas, ante et vulputate volutpat, eros
pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus adipiscing,
commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor. Sed semper
lorem at felis lorem ipsum dolor.</p>
</div>
<div class="col-md-6 line2">
<img src="{% static 'images/beef.jpg' %}" alt="">
<p>Lorem egestas, ante et vulputate volutpat,
eros pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus
adipiscing, commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor.
Sed semper at felis lorem ipsum dolor.</p>
</div>
<div class="clearfix"> </div>
</div> -->
</div>
</div>
</div>
<!--Script-->
<script src="{% static 'js/jquery-1.11.0.min.js' %}"></script>
<script src="{% static 'js/myscript.js' %}"> </script>
` <!--Script-->
</div>
<!--Responsive-tabs-ends-Here-->
<!-- <div class="contact" id="contact">
<div class="container">

Department of Computer Science,KMM College of Arts and Science | 58

Dynamic password policy generation system

<div class="contact-1 clock wow bounceIn">

<div class="col-md-3 contact-top1">
<h3>BLOG POSTS</h3>
<div class="contact-grid">
<div class="contact-left">
<img src="{% static 'images/men-2.png' %}" alt="">
</div>
<div class="contact-right">
<span>Aug/27/2013</span>
<h4>Cohn Doe</h4>
<p>Praesent dapibus, neque id cursus
faucibus, tortor ...</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid">
<div class="contact-left">
<img src="{% static 'images/wmn.png' %}" alt="">
</div>
<div class="contact-right">
<span>Aug/27/2013</span>
<h4>Cohn Doe</h4>
<p>Praesent dapibus, neque id cursus
faucibus, tortor ...</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid">
<div class="contact-left">
<img src="{% static 'images/men-1.png' %}" alt="">
</div>
<div class="contact-right">
<span>Aug/27/2013</span>
<h4>Cohn Doe</h4>

Department of Computer Science,KMM College of Arts and Science | 59

Dynamic password policy generation system

<p>Praesent dapibus, neque id cursus

faucibus, tortor ...</p>
</div>
<div class="clearfix"> </div>
</div>
</div>
<div class="col-md-3 contact-top2">
<h3>TWITTER POSTS</h3>
<div class="contact-grid1">
<div class="contact-left1">
<a href="#"><img src="{% static 'images/twitter.png' %}" alt=""></a>
</div>
<div class="contact-right1">
<h4>@rafimit</h4>
<p>Morbi interdum mollis sapien sed ac
risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid1">
<div class="contact-left1">
<a href="#"><img src="{% static 'images/twitter.png' %}" alt=""></a>
</div>
<div class="contact-right1">
<h4>@johndoe</h4>
<p>Morbi interdum mollis sapien sed
ac risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid1">
<div class="contact-left1">
<a href="#"><img src="{% static 'images/twitter.png' %}"
alt=""></a>

Department of Computer Science,KMM College of Arts and Science | 60

Dynamic password policy generation system

</div>
<div class="contact-right1">
<h4>@amanda</h4>
<p>Morbi interdum mollis sapien sed
ac risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid1">
<div class="contact-left1">
<a href="#"><img src="{% static 'images/twitter.png' %}" alt=""></a>
</div>
<div class="contact-right1">
<h4>@peter</h4>
<p>Morbi interdum mollis sapien sed ac
risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
</div>
<div class="col-md-6 contact-top3">
<h3>QUICK CONTACT</h3>
<iframe
src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d30912.73175219394!2
d79.98639619999999!3d14.4218904!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1
sen!2sin!4v1410591500477" width="600" height="450" frameborder="0" style="border:0">
</iframe>
<h4>Address</h4>
<p>Building name, some street name, some city name, country</p>
<a href="mailto:info@example.com">info@sitename.com / (000)
888 888 8888</a>
</div>
<div class="clearfix"> </div>
</div>

Department of Computer Science,KMM College of Arts and Science | 61

Dynamic password policy generation system

</div>
</div> -->
<div class="footer">
<div class="container">
<div class="footer-text">
<p> Maintained By<a
href="#">Admin</a></p>
</div>
</div>
<a href="#home" id="toTop" class="scroll"
style="display: block;"> <span id="toTopHover" style="opacity: 1;"> </span></a>
</div>
</body>
</html>

Department of Computer Science,KMM College of Arts and Science | 62

Dynamic password policy generation system

10.3 REFERENCES

 Shukun Yang, Member, IEEE, Shouling Ji, Member, IEEE, and Raheem Beyah,
Senior Member, IEEE “Password Strength Analysis And Dynamic Policies”
 Python: The Complete Reference Book by Martin C. Brown
 The Definitive Guide to Django :Web Development Done Right . Book by
Adrian Holovaty and Jacob Kaplan-Moss
 https://www.geeksforgeeks.org
 https:// www.programiz.com
 https:// /www.tensorflow.org

Department of Computer Science,KMM College of Arts and Science | 63