Password Cracking - Computerphile

  Views: 3,477,364

Computerphile

1 day ago

Comments: 4,700
@Big_Tex 5 years ago
My password is unbreakable because I'm using my name followed by the digits of pi. All of them.
@justinreyesv 5 years ago
an unending password? you're gonna crash the db~ space limit
@Tipko 5 years ago
clever boy
@Mars-1995 5 years ago
Well not hashable. Nice try
@hawsh3066 5 years ago
Big brain time
@wrng-i9f 5 years ago
big brain
@_ten 5 years ago
computer took about 1 second to look through about 40,000,000,000 hashes 10:13 human took about 1 second to multiply 26 times 2
@uniqueusername_ 5 years ago
Well, that's not a very fair comparison, is it? Computers are, at their core, all made for mathematical functions. Humans, on the other hand, are not. When it comes to "close enough," humans are generally better.
@emmiexss 5 years ago
@@uniqueusername_ Oh really? I thought I could run through a 40bil database that is stored in my head. *Heavy sarcasm.*
@sallybugs1695 5 years ago
Remember it was built by human
@rasmusekdahl2772 5 years ago
uniqueusername_1024 R/FUCKINGWOOOOOOOOSH
@matte_luna 5 years ago
@@uniqueusername_ r/whoooosh
@kahnfatman 3 years ago
Q: What are you using the graphics card for? A: Well -- terminal apps.
@cheddarfish225 1 year ago
It would be interesting to revisit this topic and see how things have changed in the past 6 years.
@chemicallystimulated476 1 year ago
Can you suggest me any such videos
@mully006 1 year ago
For one thing the 4x Titan X GPU he has are roughly equivalent to an RTX 4070 which is a ~$700 GPU. The modern equivalent of his system (say 4x 4090) is around 50 times faster than his system.
@kaspervestergaard2383 11 months ago
Wait really? @@mully006
@QuizzingHobbit 5 years ago
Password dictionary: 1. password 2. user 3. correcthorsebatterystaple
@Nerizwith 4 years ago
@@rabbabansh I am not and I don't get it.
@georgek4416 4 years ago
Wow
@Dexaan 4 years ago
hunter2
@nicholasmcmillan5324 4 years ago
my password: J1bbbbberb0y418
@NotSoCrazyNinja 4 years ago
You would be surprised at just how crappy the average password is. There is a reason websites force users to use passwords of minimum length with letters numbers and sometimes symbols. Router admin passwords tend to almost always be default. When they're not, it's usually very easy to guess. Luckily? in my area, the local ISP supplies routers/models with random passwords by default, but they are listed on the underside of the router/modem. Gain physical access to the router, you can get the credentials. If you have no physical access, I guess it's secure enough.
@RacingAtHome 6 years ago
"We don't store passwords unencrypted in a database because that's a terrible, terrible idea." You would be surprised.
@mohnishkumar 5 years ago
Facebook XD
@kat5607 5 years ago
@@mohnishkumar i was going to reply that too XD
@clappedcheeks3504 4 years ago
@Kappa Chino thought so too. Hashing is irreversible.
@bitTorrenter 4 years ago
Password Managers
@mostafahassanismail7524 4 years ago
RacingAtHome the more you know
@OmarMohammed-fy2he 3 years ago
"iloveyoukate" 14:46 he's risking his accounts for you kate. I hope you guys didn't split up 😂
@alpha_wolf_80 3 years ago
I was going to comment the same thing
@ishansheikh3058 3 years ago
that guy was not keeping password for sure. he was feeling emotional while doing whatever he was doing. Emotions = Hacked.
@ryanmcgowan3061 3 years ago
Kate doesn't even know he exists.
@tolep 3 years ago
It is Kate herself, advised by some shrink.
@Luiz997488 3 years ago
The "iloveyoukate" virgin vs the Chad "freakpower1"
@mark.. 1 year ago
Back in the day, this video (along with your "how to choose a password" video) taught me a huge amount. I think an update could be very valuable for many people. It seems that Lastpass recently lost password vaults for millions of people, which I think will create a lot of interest in this subject.
@RealCaptainAwesome 7 years ago
So you're saying pA55w0rd is not a good choice?
@virtualfroggy 7 years ago
Michael Burke no, try password123
@stan2880 7 years ago
123456 takes the longest to crack
@Tradinghonest 6 years ago
99999 or zzzzz depending on the algorithm
@Tekrow 6 years ago
*hacker voice* I'm in
@stefankrautz9048 6 years ago
10^6 combinations (?)
@crispynugget3616 8 years ago
that awkward moment when you see your password...
@thunderbolt997 7 years ago
shhhh
@zanidd 6 years ago
which one was it?
@Shakzey 6 years ago
Do you love Kate too?
@Nothing-LV 6 years ago
Lemme guess qwerty ? Lol
@louisthompson5781 6 years ago
siksreik heh heh. I saw that
@MaxMakerChannel 8 years ago
Love this guy. He should be teaching.
@Computerphile 8 years ago
+Max Musterman he does, at The University of Nottingham ☺️
@ghostlink2027 8 years ago
That's it, I'm transferring.
@zinkzxd2891 8 years ago
Agreed.
@zzyzxyz5419 8 years ago
Paused the video just so I would say the same thing!
@gammelhund 8 years ago
Not to mention right here :)
@anonymus3219 2 years ago
I love how the videos have this 'unscripted' feel and they feel like they're real conversations
@ATSGemwolf 8 years ago
I'm surprised that Tobey Maguire knows this much about hacking...
@jonm5195 6 years ago
I thought he was Elija Wood
@Svendzeen 6 years ago
Well you see... After he lost the role as Spiderman, he had to get a new job. So he became Hackerman :)
@sirdeakia 6 years ago
He did stay a long time on the web though
@forgottenvy 6 years ago
sirdeakia Underrated comment. Why didn't people get this? It's gold.
@DavidVercettiMovies 6 years ago
I know for sure in that bag with the english flag there's his Spiderman outfit!
@ImAzraa 8 years ago
Just for your information, the "Beast" machine may be fast for a regular home user, but it is incredibly underpowered compared with a server-grade solution for compute workloads. Imagine several racks of servers with 4 cards each. Those are available out there, and regular people can build them too with the right amount of money, or rent time on them for relatively cheap
@atti1120 8 years ago
kate i think your boyfriends pass is hacked
@TheMrKeksLp 8 years ago
yeah lol
@gunjeetsingh90 8 years ago
Oh no not his boyfriend's.. His secret admirer's
@GaffsNotLaffs 8 years ago
+Attila U Random characters letter and symbols. around 30+ of them.
@Tim-Jaeger 8 years ago
+Attila U well I was in a house where the password was something like this: 9684263675467468447836794598211636063674678 only the length is the same but I think it is hard to crack
@DaBeastDoesMinecraft 8 years ago
Mine is something like this 5927592058295712395736189037483194721948271930183 49 random digits.
@BicheTordue 4 years ago
my password is L1pZ7z3qy so it's pretty secure, nobody gonna find out
@esquilax5563 4 years ago
All I see when you enter that is a string of asterisks
@shadowterrarian4073 4 years ago
Thanks for the revelation.
@cactus806 4 years ago
👌no one will ever know this passwords
@realszn 4 years ago
if u enter ur credit card number it gets blocked see **** **** **** ****
@BicheTordue 4 years ago
@@realszn here's all the number present on my card 54120
@Zero11_ss 6 years ago
Really good video dude. No silly music or fast cuts and no annotation spam on the screen, subscribed.
@jamesedwards3923 5 years ago
I think a lot of video editing courses encourage people to do the music thing. Dude I am here for the data above else. Not the music. It gets distracting. Even with a lot of gamer videos. I can not stand it. You are trying to focus on the tactics and insights. Like studying with the music blasting. Sometimes it helps, but often it is a distraction.
@firmware1000 5 years ago
photographer
@marcusholloway1147 4 years ago
Bruh just create a python script that encrypts an input and since only you have this encryption system it's very safe
@Dtr146 3 years ago
That's why a lot of websites require you to have a special character and a capital letter. The most common way of doing it is capitalizing the first letter and putting the special character at the end though
@adriannuske 2 years ago
@@Dtr146 How did you know my passwords!?
@toddbod94 7 years ago
when websites ask for passwords and force you to fit narrow criteria like "must be between 8 and 12 characters and must contain at least 1 number (with no repeating adjacent numbers) and must contain at least 1 capital and 1 special character" are just reducing the search space for hackers.
@thunderbolt997 7 years ago
but isn't that putting in more variables for computer to check making it harder?
@chrisspencer6502 7 years ago
Not really as like he said it relies on use of common words so if your use zWq0£jL3s, there is no logical combination this would occur in words
@usernamesaregay222 7 years ago
But If I'm cracking these then I know that 1) I can skip all passwords under 8 and over 12 characters 2) I know that all passwords will have a number so I don't need to try any passwords that don't have them 3) same for capitals and special characters
@dot.5423 7 years ago
This comment was aimed at thunderbolt my bad.
@tapwater424 7 years ago
There are more combinations of passwords with 8 letters than there are from 1-7 combined. Forcing at least 1 number also increases combinations from 26^8 to 36^8.
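An added worked example for the thread above (not code from the video or from any commenter): it counts exactly how many passwords the quoted 8-to-12-character policy admits and compares that with every string of up to 12 characters. The 94-character printable-ASCII alphabet, the reading of "no repeating adjacent numbers" as "no identical digit twice in a row", and the 16-character comparison cap are assumptions.

```python
import math

# Assumed alphabet: the 94 printable ASCII characters (no space).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}
# Classes the quoted policy demands at least one character from.
REQUIRED = ("upper", "digit", "special")


def count_compliant(length, sizes=CLASS_SIZES, required=REQUIRED,
                    forbid_adjacent_repeat=True):
    """Exact number of strings of `length` that satisfy the policy.

    Dynamic programme over (required classes seen so far, last char is a digit).
    Which digit came last does not matter by symmetry: directly after a digit,
    a compliant next digit simply has one fewer choice.
    """
    bit = {name: 1 << i for i, name in enumerate(required)}
    full = (1 << len(required)) - 1
    states = {(0, False): 1}
    for _ in range(length):
        nxt = {}
        for (mask, last_digit), ways in states.items():
            for name, size in sizes.items():
                choices = size
                if name == "digit" and last_digit and forbid_adjacent_repeat:
                    choices -= 1
                key = (mask | bit.get(name, 0), name == "digit")
                nxt[key] = nxt.get(key, 0) + ways * choices
        states = nxt
    return sum(ways for (mask, _), ways in states.items() if mask == full)


def policy_report(min_len=8, max_len=12, raised_cap=16, sizes=CLASS_SIZES):
    """Compare the policy's keyspace with the unrestricted one (uniform model)."""
    alphabet = sum(sizes.values())
    allowed = sum(count_compliant(n, sizes) for n in range(min_len, max_len + 1))
    # Every string a guesser faces if only the maximum length applied.
    unrestricted = sum(alphabet ** n for n in range(1, max_len + 1))
    # Same alphabet with the maximum raised to `raised_cap` characters.
    longer = sum(alphabet ** n for n in range(1, raised_cap + 1))
    return {
        "allowed": allowed,
        "fraction_kept": allowed / unrestricted,
        "bits_lost_to_rules": math.log2(unrestricted / allowed),
        "bits_gained_by_raising_cap": math.log2(longer / unrestricted),
    }


if __name__ == "__main__":
    for key, value in policy_report().items():
        print(f"{key}: {value:.4g}")
```

The count treats every allowed string as equally likely, so it bounds only randomly generated passwords; predictable human placement of the capital and the symbol is outside this model.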
@StewartW12 7 years ago
A lot of people think "I'm going to go onto some website and test how strong my password is"... Those people are having their password stored away in a database to be added to someone's password dictionary.
@thegambler9994 6 years ago
Either that, or some other third party injected Javascript into the page.
@zacharyjohnson9911 6 years ago
You can use Fiddler, Wireshark, or your browser's network inspector to see if any web requests are being sent out.
@Josh350 5 years ago
Which is why I don't use those websites for obvious reasons.
@decycle2912 5 years ago
there's a password in my head that I never use lol
@georgek4416 4 years ago
Yes.
@wafflejam8284 5 years ago
11:41 he just dodged that pop up
@briangettingfit4736 4 years ago
Dude.
@noclipsize5978 4 years ago
Dude.
@brunosteffen8173 4 years ago
i dont get it ._.
@Tentin.Quarantino 4 years ago
That's pretty meta!
@pitaya4151 4 years ago
@@brunosteffen8173 The card at the top right pops up at the same time as he moves his head away from it
@MrMKFreak 8 years ago
You probably DONT want to test your passwords strength on online services that claim to only tell you how good your password is. While most of those services are probably safe to use, you can never know what service is also making its own little (or huge?) dictionaries with just the awesome and secure passwords you give them to "test" for you.
@FluorescentGreen5 7 years ago
solution: disconnect from the internet before you type your password and close the tab before reconnecting
@fray2748 7 years ago
Theoretically still insecure
@muabyt7333 6 years ago
Ein Frosch~ howsecureismypassword.net is safe. It's fully written in Javascript and you can look for the code yourself
@douwehuysmans5959 5 years ago
Best passwords are sentences like "cow curry diagram!2n;"
@jamesedwards3923 5 years ago
What you have to realize. Is that the longer and more complicated your password is. The harder it is for a computer to compromise. Given enough time, energy, and technology. All passwords are easy. Each time an encryption standard is compromised. You migrate to something else. It is a never ending race.
@SweetJP. 6 years ago
I just love this! not only because there's no chance my password will be found, but because even the most hardcore IT dudes in my area (including 2 schools I worked at) use horrible passwords, to secure thousands of pupils' social security numbers etc. At my first job, I demanded that the passwords got changed, or I would not work there as I'd be targeted for irresponsible care, in case we got hacked. Sadly they refused to change and I quit my job.
@jamesedwards3923 3 years ago
Smart move.
@GuitaristZep 4 years ago
this video made me change my password in all my social media accounts, and bank accounts, online games, buy a new house, move to a completely isolated planet and use encrypted network connection that runs through several illegal VPN networks. I am now living happily here in Mars. Thanks.
@കുട്ടൂസൻ-ദ1ണ 3 years ago
Nice
@names_are_useless 3 years ago
I know this is a joke comment, but using an illegal, an "untrusted", VPN is a TERRIBLE idea. You could be feeding your Computer Information to Cyber Criminals by connecting to an Untrusted VPN. Something worth thinking about for those wanting to go the Cheap/Free route for VPNs.
@fredthomson3253 3 years ago
*Thanks_Turnercyber🙏*
@chrism3790 8 years ago
I didn't know Peter Parker was a damned hacker.
@usseal922 6 years ago
I have a theory: in this Alternate Spiderverse, Peter Parker (by Tobey Maguire) got fed up with chasing low-budget criminals in NY, quit his cr*ppy job and moved into the UK. There he developed an English accent, got a degree (and later a PhD) in cybersecurity to protect his new identity and since he already had close relations with the Web ;) So, this would be the origin story of Dr. Mike Pound
@StevenAzari 6 years ago
@@usseal922 Ha I only had to scroll 5 comments to get to here. This makes the op fact.
@BillBodkin 6 years ago
i cant unsee that now
@LafferStyle 6 years ago
I thought he did web design
@VinnieZDX 5 years ago
Lol
@zyphicx9868 8 years ago
The best hashing algorithm: Google Translate!
@randomcatdude 7 years ago
Make your password a wikipedia page google translated a dozen times.
@Anankin12 6 years ago
RandomCatDude wouldn't work, they update the algorithm too often, those cheeky bastards
@ohad219 6 years ago
No man Google translate just translates
@danifalkjensen 6 years ago
@@randomcatdude only 12times do it 100+times a dozen of something is 12 of something
@YouTubeWatcher9000 6 years ago
Dani Jensen I think everyone knows what a dozen is
@unixfreak 6 years ago
Amazing how far computer processing has come in the past 20 years. I remember messing about with brute force hashing on an i486, and it took forever.
@gothsiN 4 years ago
Pausing at 16:38 ma man had a freaking HEX Code as a PW and still got cracked. ahahhahahha damn this guy is so funny and smart. mad respect to u mike.
@potatofuryy 3 years ago
RIP, that’s rough
@gchcom6902 2 years ago
That's not a hex code he set as a password. That's just the program not being able to display the special characters. If you convert the hex code to ASCII, the password is "kindé"
@gothsiN 2 years ago
@@gchcom6902 oohh thanks for that.
@bassmaiasa1312 2 years ago
That doesn't seem like it would be very hard to crack. The character set is just 16 characters. If the person thought he was being clever, there could be 10 million people who had the same idea and the cracking software has seen it all before. It's probably not much harder to crack than 12345678. I just assume I'm never going to come up with some clever password trick that at least 1 million human beings haven't already thought of.
@buslir2000 1 year ago
@@gchcom6902 My guess would be kindé (using utf-8)
@CBusschaert 8 years ago
Now I kind of want a video about Lastpass or Dashlane and how these password manager are secure (or not). Seems like the logical follow up.
@treahblade 8 years ago
I watched a video from DefCON about this sorta thing and actually they are a 2 edged sword. They are bad because then all the attacker has to do is get your database file or hack your password into the password manager, and good because they prevent keyloggers from getting passwords.
@CBusschaert 8 years ago
treahblade I guess so
@Prometheus720 8 years ago
If you use Keepass then you don't have to worry about external security. Only your own files on your own computer. And you need 1 password to be secure. That's it.
@callummunro7380 8 years ago
I've never used a password manager, it seems illogical to have all your passwords behind one password. And where do you store the master password without needing _another_ password?
@yellowdockooo5907 8 years ago
Yep
@GummieI 5 years ago
15:35 "Now luckily, these leaks happen all the time" Interesting... choice of words ;)
@WofWca 5 years ago
He's telling how to crack passwords, what do you expect?
@pranavdeshpande4538 4 years ago
Also that smirk on his face when he said dive That might be his hacker name
@AgglomeratiProduzioni 5 years ago
14:42 "I love you Kate" aww
@georgek4416 4 years ago
@@Big_Tex xD
@B88-h6n 4 years ago
cute
@angus6858 4 years ago
@@Big_Tex and now it's: KateTookEverythingFromMe
@notthatriplguy7276 4 years ago
Unterarzt update: its how kateijustwantthekidsbackplz
@archonjk1196 4 years ago
14:18 "I love you Ivan"
@nbrugman1980 3 years ago
Mike: "So if your password is 6 characters long, its being cracked right now, and its being cracked quickly" Me:
@rogerio067072 3 years ago
🤣🤣🤣
@TheSystemaSystem 3 years ago
What's your password?
@maybona 3 years ago
thanks just bought some pizza pans from amazon
@Anklejbiter 3 years ago
My password with 6 characters: *sweating profusely* My password with 31 characters: *hah, mere mortals.*
@Johnof1000Suns 3 years ago
My password is 7 characters long, so take that hackers.
@tompov227 8 years ago
This guy is my fav Computerphile guy
@questionable-cf1tt 4 years ago
14:47 'ganjagoblin' best password ever, even if it shows up on the cracked list 😂
@JigawattMusic 4 years ago
420
@Gamer-uf1kl 3 years ago
Ganja means bald in hindi, so might be the reason
@calanm7880 3 years ago
I cracked up when camera focused on that on screen - glad you highlighted it 😀
@arpitpatel5312 3 years ago
@@Gamer-uf1kl it also means weed or heroin, not sure which one.
@Gamer-uf1kl 3 years ago
@@arpitpatel5312 cannabis/marijuana
@Locut0s 8 years ago
Can you believe that the bank I use has a MAXIMUM of 6 character length on the passwords used for online banking!? I have complained to them before. But to no avail. And this is not a small bank!
@moute_3 8 years ago
You should change banks then, they are just begging to have their database leaked.
@jarmo_kiiski 8 years ago
Yep, You'd need to compute 2.8147498*10^14 hashes assuming that the passwords use extended ascii characters and also assuming that you know the hashing algorithm used. (Which can be achieved in a few seconds)
@Thorpe 8 years ago
+moute3 Yes but the banks have other forms of authentication, including inputting specific characters of a secret answer and generating codes using your phone or hardware key.
@Correctrix 8 years ago
Locut0s That doesn't make sense. That would be a reason for _not mandating_ long passwords. It can't be a reason for _forbidding_ long passwords. The only explanation for the latter is idiocy.
@janh. 8 years ago
Locut0s I have to agree with Correctrix that if what you said is the case, then I can see why they accept weak passwords. But it does not explain why they would prevent experienced users from setting a strong password by having a maximum of 8 characters.
@BenjaminMills 4 years ago
I've learned (or at least read) about a ton of this stuff, and still, I thought it was Interesting to hear you step through a password attack in addition to hearing how modern tech and modern hacking techniques approach cracking passwords. Thank you sir.
@jampig1884 6 years ago
This is why Peter wasn't allowed around computers.
@edwardqueen5791 5 years ago
"Forgot my password" "You're receiving this e-mail because you've clicked on 'forgot my password' on our website. Here it is in plain text for anyone to see. Your password is: JustCheckingIfThisWebsiteStoresPasswordsProperly"
@surrealdynamics4077 4 years ago
That's pretty clever right there. Now I have to try doing that. Thanks
@GodKingOfThePlanet 8 years ago
Anyone else burst out laughing when they saw someone had used ganjagoblin as their pass?
@s.p9189 8 years ago
Your icon almost got me there damn.
@RussellTeapot 8 years ago
it always gets me. the worse is the fly one, I don't know if you never saw that, but *DAMN* each time I try to swipe the screen like a fool
@Blitzcreeper239 8 years ago
+Russell Teapot The spider is facing 45° left, I don't get how it can startle anyone ever since scrolling means it moves upwards diagonally. Won't judge though :/
@s.p9189 8 years ago
Well I wasn't scrolling when I was reading the comment but yeah once I scrolled I realized it wasn't real :/
@nathanvanthof866 8 years ago
did you see "iloveyoukate" at 14:49?
@nellgwyn2723 4 years ago
Really amazing video and quite informative even for curious dummies like me! Honestly it's just fun to watch the guys talk about their passion and learn a little even if i don't get all the details, but it's worth the effort to understand a little more about the technology we all live with.
@ErikOosterwal 3 years ago
You can think of "hashing" algorithms, like MD5 or SHA512, as being a secret decoder ring, like the ones you used to get in a box of Alpha Bits, only a bit more sophisticated.
@Bred.wards1 1 year ago
I watched this video when it came out years ago. Recently, my dad passed away and we couldn’t remember his iCloud password to access the photos on his phone and other stuff like that. But I remembered this video, and I went and found password cracking tools for iCloud and was able to use educated guesses and the tools to find the correct password. So thank you for making this video ❤️
@k1ngjulien_ 8 years ago
I am wondering how many of the viewers just saw their password in the video ^^
@mikes333 8 years ago
Totally got mine. 14:46 ILOVEYOUKATE
@thoughtyness 8 years ago
+Mike S I used to have that one only without "you" in it.
@callummunro7380 8 years ago
Everyone loves Kate, that's the problem
@samvid1992 8 years ago
18:51 ashishiscool is my friend's password and his name is ashish.
@x1legoman1x 8 years ago
+Филип Брчић genius XDDDDD
@firen777 8 years ago
5:18 "MD-5 should not be used by anyone ever, EVER again." Meanwhile, in the Yahoo's headquarter...
@jamesedwards3923 5 years ago
Amusing.
@benishmael9451 5 years ago
I'm dying 😁
@roninryu6992 5 years ago
Could you help me understand? Was he just checking to see if he could guess the LinkedIn passwords that were stolen? I'm trying to understand how this would work for an actual site, because after you try the wrong password several times, you get booted, or blocked, and the user gets notified. How would this actually work? Are they taking these passwords and entering them against a live site? If that is the case wouldn't the hacker get blocked after a few seconds? Plus with 2FA, is this even relevant?
@nilen 5 years ago
Ronin Ryu are you serious? 😂😂😂
@tradeflow5153 5 years ago
Nils Svanstedt yes I’m serious asshole
@marcuslola 7 years ago
14:48 "ganjagoblin" lmao
@williameriksson8767 5 years ago
marcuslola That's my password
@rock3tcatU233 5 years ago
420 blaze it.
@CryptoData 5 years ago
hahahahahahahaha
@Inoculum 5 years ago
I am now changing my password to "ganjagoblin"... consequences be damned!
@darkhorsedre 4 years ago
bro I caught that too - had to left arrow to confirm lol
@MaZe741 4 years ago
Fun fact: The odds of you picking the same password as another guy are HIGHER than picking a username that already exists.
@Jay-S04 3 years ago
not if my passwords look like siUn$2$8’clwo!&/ienzla!!:&*’eisnJbdKbs&29,£~*£\’Idk&/9
@jangtheconqueror 3 years ago
@@Jay-S04 That's been added to the dictionary now
@PranshuTheGamer 3 years ago
@@Jay-S04 i use keepass, do mine look like that
@verchiel_8295 3 years ago
Not a fact, but closer to a hypothesis
@xisumavoid 8 years ago
Fantastic video! Loved it :-) Good to know i am doing my passwords right, different one for every site too!
@Zxios 7 years ago
omg its a wild xisuma comment from 8 months ago!
@Morten_S_Olesen 7 years ago
LOL i love scrolling through random videos comments and just finding a Xisuma comment with only 5 likes (make it 6) Nice to know that Xisuma watches the same videos as me xD
@nemplayer1776 7 years ago
Wow, I keep seeing you on a lot of videos... lol
@nemplayer1776 7 years ago
Morten lol same
@josephlbj 6 years ago
You keep following me around everywhere I go!
@professorl4208 5 years ago
An update for those of you who are watching this now - I don't know if this wasn't the case back then, but nowadays you use a hash algorithm that is slow by design, like Bcrypt, so that attackers are limited by the speed of the algorithm rather than exclusively by the grade of their hardware.
@_aullik 8 years ago
you forgot to link in the description
@Computerphile 8 years ago
Thanks, now sorted >Sean
@OsamaRana 8 years ago
+Computerphile what is the disadvantage of designing your own hash for your own service? Wouldn't not knowing the hash procedure effectively eliminate the ability to crack passwords by using this method? Thanks.
@rondowar 8 years ago
+Osama Rana also, often enough if they can get to your database, you should assume your code also isn't safe
@OsamaRana 8 years ago
Thank you everyone for the insightful comments. Ps, I like the phrase "security through obscurity". That was exactly what I was thinking
@liesdamnlies3372 8 years ago
'I like the phrase "security through obscurity".' You got that this is a bad thing, right? Like, really bad? Just checking.
@BlueMountain1992 4 years ago
The video that made me change to a password manager. 4 years later and never looked back. Thanks Mike!
@7timus 4 years ago
The moment when Mike reads your password loud and shows it to 2 mil other people just on second random pause... If I could only be as lucky in some other lottery. :(
@Mike-Smith 8 years ago
I like all Computerphile (and Numberphile) videos, but just wanted to say how great this particular one is. More please from Dr Mike Pound. (And prof Brailsford of course!)
@onee 7 years ago
Obviously 123456 is the best password out there. And in case that doesn't work anymore. You just change it to 654321. *Genius!*
@bin4709 6 years ago
brilliant
@Zooiest 6 years ago
No, 12345
@buckiethecat 6 years ago
@@Zooiest No, 1
@Zooiest 6 years ago
BuckieTheCat Your password has to be 5-32 characters long.
@kasimshahid6786 5 years ago
Thanks what's your email? Lol
@MaZe741 4 years ago
Kind of a disappointment that he never mentioned "salting" passwords before hashing them, which makes this attack completely useless if you don't know what salt was used
@Chlorate299 3 years ago
And even if you *do* know what salt was used, computing rainbow tables *per user* would take a substantial amount of time for a large dictionary.
@_piulin_ 3 years ago
you mean pepper. salt is saved with the hash, so it just slows you down (a bit).
@kalebbruwer 3 years ago
@@_piulin_ A salt wouldn't slow you down if you're attacking a specific user, but it would make the attack difficult to generalize since every user has a different salt and the passwords you test must have the salt at the end.
@_piulin_ 3 years ago
@@kalebbruwer I know, that's what I meant. If you hacked a server and got the hash file, then it's way slower when it's salted to interpret all the hashes, so you can sell them.
@budjy1 8 years ago
14:47 "ganjagoblin" XD
@zanidd 6 years ago
apparently a common password
@mikymuky1171 6 years ago
14:45 iloveyoukate Me too. Me too....
@locke103 6 years ago
i smiled at linkgundam, amusingly enough.
@thomashuang5053 6 years ago
Gaijin
@thedangerousjitu694 5 years ago
lol, ganja
@mctooch 7 years ago
I love these videos. This guy is such a great teacher. Thank you!
@bhavik.knight 5 years ago
"We don't save password unencrypted." Facebook left the chat 😂🤣
@jamesedwards3923 5 years ago
Hence why you change your password at least once a year.
@anatolfigeac4645 5 years ago
Lol
@jamesedwards3923 5 years ago
You would be surprised how long some passwords can be if the service allows it.
@BlackVogel1 4 years ago
Talk-Power removed
@anel3423 4 years ago
They encrypt the passwd (I guess)
@cuttlefishn.w.2705 4 years ago
Anybody else come back to this video, not to learn anything, but because this guy's voice is just so soothing?
@fdk7014 8 years ago
No mention of password salting?
@black_platypus 8 years ago
Are you talking about permutating your actual passwords, or salting the hashes before storing them in a database?
@IceMetalPunk 8 years ago
That's in the Tom Scott video about storing passwords.
@koori049 8 years ago
they weren't talking about securing servers they were talking about how to crack the passwords. adding salt doesn't protect at all against the attack he used, it just makes him repeat the attack for the group of passwords with a particular salt. That would be a great followup though.
@KhalilEstell 8 years ago
Or peppering.
@Diggnuts 8 years ago
koori049 "it just makes him repeat the attack for the group of passwords with a particular salt" Well, yes, if you know the salting method you could have a guess, but the most basic of static salts can make the most awful password extremely hard to brute-force, at least as long as the salt is unknown.
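An added example for the salting threads above and the earlier comment about slow-by-design hashes such as Bcrypt (not code from the video or from any commenter): a password record built with a per-user salt, a server-side pepper and a slow key-derivation function, next to the fast unsalted MD5 the video discusses. PBKDF2 from the Python standard library stands in for bcrypt here; the function names, the iteration count and the sample accounts are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune per host


def fast_unsalted(password):
    """The storage scheme the video discusses: one fast MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def derive(password, salt, pepper, iterations):
    # Pepper: keyed pre-hash with a secret kept outside the database.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt plus a deliberately slow KDF: each guess costs `iterations` rounds.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)


def make_record(password, pepper, iterations=ITERATIONS):
    salt = os.urandom(16)  # unique per user, stored beside the hash
    return {"salt": salt, "iterations": iterations,
            "hash": derive(password, salt, pepper, iterations)}


def verify(password, record, pepper):
    candidate = derive(password, record["salt"], pepper, record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def reused_digests(digests):
    """Audit helper: how many stored digests duplicate another row's digest."""
    digests = list(digests)
    return len(digests) - len(set(digests))


def hash_rounds_for_dictionary(users, words, salted, iterations=1):
    """Hash rounds needed to test every dictionary word against every account.

    Unsalted: each word is hashed once and compared with the whole table.
    Salted: the same word must be re-hashed for every account's salt.
    """
    if not salted:
        return words * iterations
    return users * words * iterations


if __name__ == "__main__":
    # Constructed sample accounts; two of them share a password.
    accounts = {"alice": "iloveyoukate", "bob": "iloveyoukate",
                "carol": "correcthorsebatterystaple"}
    pepper = os.urandom(32)  # in production: loaded from a secrets store

    unsalted = [fast_unsalted(p) for p in accounts.values()]
    salted = {u: make_record(p, pepper) for u, p in accounts.items()}

    print("duplicate digests, unsalted MD5:", reused_digests(unsalted))
    print("duplicate digests, salted KDF: ",
          reused_digests(r["hash"] for r in salted.values()))
    print("alice verifies:", verify("iloveyoukate", salted["alice"], pepper))
    print("rounds, unsalted:", hash_rounds_for_dictionary(3, 1000, False))
    print("rounds, salted:  ",
          hash_rounds_for_dictionary(3, 1000, True, ITERATIONS))
```

A nonzero `reused_digests` count over a real credential table is a quick sign that the hashes are unsalted.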
@17Haxor17
@17Haxor17 8 жыл бұрын
I like these kind of practical videos better than the theoretical ones.
@omegagamingalpha3253
@omegagamingalpha3253 7 жыл бұрын
CEO :some of our employees might want to play doom on the server. Engineer: *installs 4 Titan Xs*
@mikeg3660
@mikeg3660 3 жыл бұрын
Scary… never thought about the hashes being stolen and put into a single file for this type of repetitive attack… defeats the thought of locking an account after a few failed attempts. Learned something again from this channel…. Thank you!
@thebritishindian1
@thebritishindian1 3 жыл бұрын
I could also never understand how passwords were brute force hacked when most services lock you out after 3 attempts. It never occurred to me that most of these databases are hacked off-line! This was a great video.
@AJ-kj1go
@AJ-kj1go 8 жыл бұрын
Did computerphile stop asking tom scott to do videos for some reason?
@ericsbuds
@ericsbuds 8 жыл бұрын
He does have his own channel and probably takes up a lot of his time! Check him out, it's pretty cool stuff.
@Chris-jo1zr
@Chris-jo1zr 8 жыл бұрын
I believe he said he'd not do too many more as he didn't know as much as some people on subjects.
@AJ-kj1go
@AJ-kj1go 8 жыл бұрын
Chris Gough ty
@mistermuffin710
@mistermuffin710 8 жыл бұрын
Ikr! I love his videos on Computerphile!
@FaelCacilhas
@FaelCacilhas 8 жыл бұрын
I actually stopped watching Computerphile so much and started watching his channel...
@exm3266
@exm3266 7 жыл бұрын
7:54 Top row: "xiaojiji" At first I was going to say, *wow, they've got it all in this system* , but then realized that that was probably one of the first things that got put in the database.
@Packerr
@Packerr 6 жыл бұрын
14:47 Shoutout to ganjagoblin
@dishant8126
@dishant8126 4 жыл бұрын
Ganja means Bald in Hindi so it reads as baldgoblin
@sellem3
@sellem3 4 жыл бұрын
@@dishant8126 yea i bet that's what he had in mind
@codinghub3759
@codinghub3759 4 жыл бұрын
@@dishant8126 I knew that... That was what I was thinking
@dylandowdy3687
@dylandowdy3687 4 жыл бұрын
"I've been running it about ... 18:15 checks wrist ... "10 seconds now" not wearing a watch and looked completely serious XD XD XD
@gtc4189
@gtc4189 4 жыл бұрын
XD XD XD almost as if it could potentially just be habit and he clearly realized instantly he didn't have a wrist watch on at the moment XD XD XD
@kelpkelp5252
@kelpkelp5252 4 жыл бұрын
@@gtc4189 XD XD XD
@Sackguy
@Sackguy 4 жыл бұрын
Plot twist: he didnt havr a wirst at all
@kelpkelp5252
@kelpkelp5252 4 жыл бұрын
Wurst.
@-._.--._.--._.--._.--._.--._.-
@-._.--._.--._.--._.--._.--._.- 8 жыл бұрын
"Change your hashes to something like SHA512 really quickly" Rather recommend bcrypt or something of the like.
@talideon
@talideon 8 жыл бұрын
You need many, many more upvotes.
@fdagpigj
@fdagpigj 8 жыл бұрын
Or just use Secure Remote Password and not have to worry about your database getting leaked?
@fdagpigj
@fdagpigj 8 жыл бұрын
Cíat Ó Gáibhtheacháin I feel like I'm missing something obvious, but why do you need to store users' passwords?
@jurek-zz3un
@jurek-zz3un 8 жыл бұрын
rsa 4096
@talideon
@talideon 8 жыл бұрын
***** You don't store the passwords: you store something for checking if a password is valid.
@theomc1488
@theomc1488 5 жыл бұрын
Imagine being at university and using password "tictac98".
@georgek4416
@georgek4416 4 жыл бұрын
ok
@user-gl5qp4wf5q
@user-gl5qp4wf5q 4 жыл бұрын
I used BigPeen6969 as my password
@Xtoff
@Xtoff 4 жыл бұрын
CanIEatYourCat? Was one my younger self used for everything. No login ever gave me an answer
@AugustusBohn0
@AugustusBohn0 3 жыл бұрын
most people, even supposed smart people, see the whole concept of setting a password as a nuisance rather than a necessity to prevent misuse of their account.
@cuttlefishn.w.2705
@cuttlefishn.w.2705 4 жыл бұрын
"If it's stored in plaintext, then all bets are off" I have all my passwords encrypted with Caesar's cypher! Beat that!
@surrealdynamics4077
@surrealdynamics4077 4 жыл бұрын
Now that's clever!
@arrowb.8438
@arrowb.8438 4 жыл бұрын
Pah! I store my passwords using an enigma machine, weak!
@asdfhklljfztvvw3686
@asdfhklljfztvvw3686 4 жыл бұрын
@@arrowb.8438 dasoberkommandoderwehrmacht...
@yuvneesh
@yuvneesh 4 жыл бұрын
Arrow B. Enigma is broken. I use SIGABA
@remasteredretropcgames3312
@remasteredretropcgames3312 4 жыл бұрын
Laughs in quantum computing.
@kevinwestrom4775
@kevinwestrom4775 4 жыл бұрын
This video needs to be updated, to be shown at current levels of computer technology with the most modern CPUs & GPUs widely available to everyone.
@pauljmorton
@pauljmorton 8 жыл бұрын
How would a website change from using a hash algorithm to using another algorithm? Since they can't be directly unhashed. Update each password per user as soon as they log in?
@GLRaema
@GLRaema 8 жыл бұрын
probably ask the user to create a new password when they log in
@AndrewMeyer
@AndrewMeyer 8 жыл бұрын
Hash the existing password hashes a second time with the new algorithm, then update to use _just_ the new algorithm next time they log in.
@DKRCecer
@DKRCecer 8 жыл бұрын
That's a fairly common method, yeah. And if there are any concerns that the data has been compromised then most sites will force you to change your password when you next login and store that.
@mikstratok
@mikstratok 8 жыл бұрын
hash the hash
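The wrap-then-upgrade migration described in the replies above, as an added example that is not part of the original comments or any site's real code. It assumes the old scheme is unsalted MD5 (as in the video) and picks salted PBKDF2-HMAC-SHA256 as the new one; the record layout, scheme labels, function names and sample passwords are hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed work factor; tune it to your own hardware


def legacy_md5(password: str) -> str:
    """Old scheme: fast, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode()).hexdigest()


def stretch(secret: bytes, salt: bytes) -> str:
    """New scheme: salted, deliberately slow PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ROUNDS).hex()


def wrap_legacy(md5_hex: str) -> dict:
    """Offline step, no password needed: store PBKDF2(MD5(password))."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "salt": salt.hex(),
            "hash": stretch(md5_hex.encode(), salt)}


def fresh_record(password: str) -> dict:
    """Record for the new algorithm alone, built from the real password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt.hex(),
            "hash": stretch(password.encode(), salt)}


def migrate(old_db: dict) -> dict:
    """Wrap every stored MD5 hash at once so no bare MD5 stays on disk."""
    return {user: wrap_legacy(md5_hex) for user, md5_hex in old_db.items()}


def login(db: dict, user: str, password: str) -> bool:
    """Verify a login and upgrade a wrapped record on success."""
    rec = db.get(user)
    if rec is None:
        return False
    salt = bytes.fromhex(rec["salt"])
    if rec["scheme"] == "pbkdf2(md5)":
        candidate = stretch(legacy_md5(password).encode(), salt)
    elif rec["scheme"] == "pbkdf2":
        candidate = stretch(password.encode(), salt)
    else:
        return False  # unknown scheme: refuse rather than guess
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False
    if rec["scheme"] != "pbkdf2":
        # Only now is the plaintext available, so re-hash without MD5.
        db[user] = fresh_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample data, not taken from any leak.
    old = {"alice": legacy_md5("constructed-pass-1"),
           "bob": legacy_md5("constructed-pass-2")}
    db = migrate(old)
    print(login(db, "alice", "constructed-pass-1"), db["alice"]["scheme"])
    print(login(db, "bob", "wrong-guess"), db["bob"]["scheme"])
```

Accounts that never log in again stay in the wrapped form, which is still salted and slow to attack but only as strong as the password underneath it.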
@mursie100
@mursie100 8 жыл бұрын
This is actually scary, I have a LinkedIn account and I use the same password for many other sites. I will change all my passwords after writing this comment, and you should do too.
@gblargg
@gblargg 8 жыл бұрын
Just don't change all your passwords to a single new one hah.
@icedragon769
@icedragon769 8 жыл бұрын
Use a password manager. It can change them all for you automatically, and all to different passwords, and all to extremely secure passwords.
@dkmg
@dkmg 8 жыл бұрын
Friends. Use KeePass, it's free, open source and multiplatform. Change all your passwords. Use unique password per site. Let me know if you have any questions.
@DavidWillanski
@DavidWillanski 8 жыл бұрын
The only password I know is the one that unlocks my Keepass database.
@dkmg
@dkmg 8 жыл бұрын
I have KeePass on my computer and KeePass2Android on my phone. Install Dropbox to both pc and phone. Save your database or database copy there so it can be access in your pc and mobile.
@kenbobcorn
@kenbobcorn 8 жыл бұрын
That awkward moment when your own password shows up on screen.
@darkdaegurth
@darkdaegurth 6 жыл бұрын
Did you use mycubana too?
@michaelbodine6142
@michaelbodine6142 6 жыл бұрын
Gee I wonder if MR. Putin knows him ; SIR???
@Zooiest
@Zooiest 6 жыл бұрын
12345?
@TransSappho
@TransSappho 4 жыл бұрын
This is the exact video which convinced me to use much better passwords that are immune to just about every attack
@noxim_
@noxim_ 8 жыл бұрын
Ill crack numberphile account now. Hold my beer
@CircularEntertain
@CircularEntertain 8 жыл бұрын
Currently, for attacks on youtubers, the trend seems to be abusing a weakness with two factor auth. through social engineering. See H3h3.
@zirize
@zirize 8 жыл бұрын
The Other Other Yeah, they are using poor customer service of youtuber's mobile company. Issuing new sim cards then obtain youtuber's accounts.
@skate2late
@skate2late 8 жыл бұрын
"Hello my name is Tom Scott and I need a new SIM card"
@Betacak3
@Betacak3 8 жыл бұрын
Is there any reason why some sites enforce a maximum password length? Hashes are usually fixed-size, so long passwords won't take up more space in the database.
@Diggnuts
@Diggnuts 8 жыл бұрын
Because shorter is easier to guess.. In 2016 nobody is worried if your passwords takes up 8 bytes of 8000 bytes really.
@Ccb780
@Ccb780 8 жыл бұрын
To increase entropy, which is the amount of possible activity of difference between different nodes (in this case possible characters in your password); if a password doesn't have too many possible guesses from the start, it will limit the amount of entropy at the end of the hashing process. Around 6:30 he talks about how it's easier to brute force lower case only passwords, that's because there isn't much entropy. That's why the websites want a varying amount of characters, like capital which effectively doubles the entropy at just the first step (without hashing, or plain text). But the thing is complexity can only go so far, because there is a limited amount of characters you can choose from on your keyboard, so the entropy increase is sort of logarithmic (starts off steep increase, but dies off quickly). But there is another way to increase entropy: length, which in fact increases entropy exponentially (another letter pushes it to a whole other level of entropy because that's one more exact letter that needs to be accounted for, which may take the machine a couple thousand or quadrillion runs around the track of checking your password). It's all about entropy and increasing it, because that makes it harder for anything to guess your password.
@Betacak3
@Betacak3 8 жыл бұрын
Chris Bernard I'm sorry you spent so much time writing that comment, but I was talking about a maximum, not a minimum length.
@Diggnuts
@Diggnuts 8 жыл бұрын
***** Ha misread that as well! I don't know? aesthetics perhaps? Now that you mention it, why not copy paste a unique binary file as a password!. Crack that!
@Betacak3
@Betacak3 8 жыл бұрын
Diggnuts Exactly.
@typicalhog
@typicalhog 4 жыл бұрын
Imagine seeing your password getting cracked in this video...
@shakeelforester4430
@shakeelforester4430 3 жыл бұрын
Since about 2015 i've had 12 character passwords with numbers, uppercase, lowercase and symbols. So glad I did that
@SchubertDipDab
@SchubertDipDab 5 жыл бұрын
Really love this presentation style. More in-depth stuff please especially with exploits!
@Dracolith1
@Dracolith1 8 жыл бұрын
MD5/SHA1/SHA256/SHA512 are Not designed for hiding passwords, never were; they're fast hashes, you need a key-stretching algorithm. MD5-Crypt (The Poul-Henning Kamp algorithm) used by Linux and BSD were more suitable for password storage and still much harder than MD5. Suitable modern algorithms are PBKDF2 or BCRYPT with proper number of rounds and work factor.
@3dsboy08
@3dsboy08 8 жыл бұрын
You should be using the new winner of the Password Hashing Competition, Argon2.
@DrunkenUFOPilot
@DrunkenUFOPilot 4 жыл бұрын
[jaw drops] you mean... my password, "cat", is weak??! Darn.
@Wyld1one
@Wyld1one Жыл бұрын
it's been six years. so what hardware is used now? like to see the difference
@2rotten4you
@2rotten4you 6 ай бұрын
a year late but usually i believe some hackers will buy 4090s with ill gotten gains really depends on how much money the attacker has
@Rider0fBuffalo
@Rider0fBuffalo 5 жыл бұрын
"We don't store passwords unencrypted... That is a terrible, terrible thing to do"... Facebook.
@edwinadeya6197
@edwinadeya6197 4 жыл бұрын
My password one was cracked without any software, Me: let's make it harder Him: is it password two Me: how did you do that
@alfonsokenjiprayogo5613
@alfonsokenjiprayogo5613 4 жыл бұрын
Why does the British lecturer always look like a Counter-Strike Hostage.
@topsunnn
@topsunnn 3 жыл бұрын
Omega lul
@JuanPablodelaTorre
@JuanPablodelaTorre 4 жыл бұрын
Developers, please, whatever hash function you are using, please salt your passwords properly. It's really important.
@JuanPablodelaTorre
@JuanPablodelaTorre 3 жыл бұрын
@@RiDankulous The password is not the important part. No matter how long or random your password is, if someone finds the hash and the developers didn't salt it, that person could use a rainbow table to find a password that matches the hash and access your account. Hashes are bound to have collisions at some point.
@Nowise10
@Nowise10 8 жыл бұрын
So whose passwords are being shown/figured out using Hashcat?
@americanswan
@americanswan 8 жыл бұрын
How about you do a computerphile on SQRL? ^^
@americanswan
@americanswan 8 жыл бұрын
Computerphile explaining Steve Gibson's SQRL
@koori049
@koori049 8 жыл бұрын
The more exposure it gets the sooner we get to use it for our google login!
@maciej-36
@maciej-36 8 жыл бұрын
Well, first he has to release it...
@JoesApartment
@JoesApartment 8 жыл бұрын
Yeah, computerphile does SQRL would be awesome.
@koori049
@koori049 8 жыл бұрын
***** Someday
@timekiller11
@timekiller11 4 жыл бұрын
Yep, 3 years ago... I heard they fixed that and now password1 is back to be a legitimate password.
@BobbyBike
@BobbyBike 3 жыл бұрын
Thanks for the update. I can finally get rid of the capital letter in mine.
@Bacon420
@Bacon420 4 жыл бұрын
150gb password file + hashcat using your video card GPU = any password in minutes. I use the process in the last step to getting all my neighbors wifi passwords, though the possibilities are unlimited. I can do it from anywhere with a $13 wifi card on Amazon.. I felt so gangster when it worked so well right away. Oh wow, I was typing this up before you really got into it. hahah you just explained some hashcat! Nice. To compare, the same process took 3-10 days in 1998. Now it's about 3-10 min for a great password. I was a wireless network engineer.
@user-tf7jy7xg7s
@user-tf7jy7xg7s 5 жыл бұрын
The second I see an email saying “your password was changed” ima make all my passwords unique 1000 character length
@waves_under_stars
@waves_under_stars 5 жыл бұрын
just use a password manager
@BreadMan434
@BreadMan434 5 жыл бұрын
@@waves_under_stars Even a simple 8 digit password generated using all possible ASCII characters (81) All possible combinations would be 81^8 is 1,853,020,200,000,000 possible combinations. When it's completely random with no possible way to use a Dictionary attack, and it must be guessed from the ground up. It would take literally centuries for a standard home computer to crack. And even months for a super computer like Computer Philes "Beast" with its 400 billion guesses
@BreadMan434
@BreadMan434 5 жыл бұрын
@@waves_under_stars Set it above 15 digits long, completely random, and it is practically uncrackable unless they were to use some Gigantic botnet utilizing all their GPU's
@waves_under_stars
@waves_under_stars 5 жыл бұрын
@@BreadMan434 but then the problem is remembering dozen 15 digit completely random passwords. And the answer is writing them all in a txt file, encrypting it with a strong master password and remembering only the master password. Or just use a password manager. It's essentially the same but better
@jamesedwards3923
@jamesedwards3923 5 жыл бұрын
@@waves_under_stars I have learned between offline and online life. That most people are lazy.
@wbfaulk
@wbfaulk 3 жыл бұрын
"Let's show you an example dictionary." cd: No such file or directory (11:55)
@DrunkenUFOPilot
@DrunkenUFOPilot 4 жыл бұрын
Then there's the "Forgot your password?" feature on most sites that I'm sure can be used by identity thieves without needing a dozen RTX2080s.
@bananya6020
@bananya6020 4 жыл бұрын
@@Abanmy well people often use the same password for their email as every other site...
@thedarkplay3414
@thedarkplay3414 3 жыл бұрын
It's real we use almost the same password for all social media
@albertnewton8296
@albertnewton8296 4 жыл бұрын
Computerphile: "Everyone's passwords are terrible" Me: *laughs in memorised password with more than 175 characters*
@codydabest
@codydabest 3 жыл бұрын
Howmuchwoodcouldawoodchuckchuckifawoodchuckcouldchuckwood?Howmuchwoodcouldawoodchuckchuckifawoodchuckcouldchuckwood?Howmuchwoodcouldawoodchuckchuckifawoodchuckcouldchuckwood? boom roasted
@tarcal87
@tarcal87 7 жыл бұрын
18:51 gezamacska :D :D any Hungarian watching this? (Géza is a male name, macska is cat, so obviously the name of his pet, probably thinking it's secure because it's foreign words, who could internationally crack it. Well...)
@runakovacs4759
@runakovacs4759 6 жыл бұрын
megszentségtelenitettlenségeskedéseitekért!
@minecraftgameplayshungaria7307
@minecraftgameplayshungaria7307 6 жыл бұрын
lol
@ameliepoulet1566
@ameliepoulet1566 5 жыл бұрын
And monamireda means my friend Reda (a fairly common arab/Moroccan name) in french. And so ashishiscool... Did he just tell us his dealer's name? 😏
@DrRChandra
@DrRChandra 8 жыл бұрын
Are rainbow tables still a useful thing?
@notmyname5449
@notmyname5449 8 жыл бұрын
Wondering as well
@Seegalgalguntijak
@Seegalgalguntijak 8 жыл бұрын
And if you have a list of hashes without knowing the salt, the method described in this video doesn't work either.
@ShaunHusain
@ShaunHusain 8 жыл бұрын
ah I should have scrolled down same question
@DrRChandra
@DrRChandra 8 жыл бұрын
Shaun Husain , I don't blame you one bit. The YT commenting system is a cesspool of JavaScript which obscures a lot in the name of "well, people only want to see the latest" (and other such dimwittedness). There is no search function (of which I'm aware anyway), so to search through any more than about 10 comments is a very time consuming exercise, with all the "view all X comments" and "read more"s. So it's nearly futile to use a browser's search function to see if something has been covered already. I have no doubt left comments that were redundant, because finding one that I can simply plus-one/thumbs up is, unfortunately, exceedingly tedious.
@jonathankennedy8392
@jonathankennedy8392 8 жыл бұрын
I think one of the points here is that MD5 hashing is so fast on modern CPU/GPUs, you don't even need rainbow tables for an effective attack. If we are talking about harder/slower hashing algorithms, like those recommended; rainbow tables would still be an effective attack against non-salted passwords.
@eddievhfan1984
@eddievhfan1984 7 жыл бұрын
Always gotta season with that salt, though. An important part of the recipe when making a hash.
@jamesedwards3923
@jamesedwards3923 5 жыл бұрын
Correct.
@emperorcyber509
@emperorcyber509 5 жыл бұрын
salt and pepper makes a well seasoned secure hash
@georgek4416
@georgek4416 4 жыл бұрын
ok, what is that salt?
@georgek4416
@georgek4416 4 жыл бұрын
@ Thanks for explaining.
@Jack-Lack
@Jack-Lack 4 жыл бұрын
16:30 As it displays passwords from the rockyou database, I'm seeing a password that starts with "qwerty" quite a lot. In fact, at one point at 16:34, there was a run of 3 of them within 5 results.
@Huwarf
@Huwarf 8 жыл бұрын
Why are people referring to hashing as encryption? I've learned from studying security that's wrong. Hashing is only one-way and encryption is 2 way.
@informant09
@informant09 8 жыл бұрын
Thats right. But hashing is sometimes used in encryption, to check if the content was modified or not for example.
@TheMan83554
@TheMan83554 8 жыл бұрын
I think the term "Encryption" has been generalized, hashing is a one way subtype of encryption.
@michaelpound9891
@michaelpound9891 8 жыл бұрын
It's worth thinking of them as different things, but technically hashing is considered a cryptographic primitive along with asymmetric and symmetric encryption. Of course, all three have varied uses, but you can also convert these primitives to others. A feistel cipher, for instance, can turn one way hashing functions into two way symmetric encryption.
@Betacak3
@Betacak3 8 жыл бұрын
I usually say "encryption" when I'm talking to someone who maybe doesn't know what "hashing" means. It may not be accurate, but it gets the point across.
@porteal8986
@porteal8986 8 жыл бұрын
yes, but hashing is cryptography, and people tend to get cryptography and encryption confused
@tommyjenga5976
@tommyjenga5976 3 жыл бұрын
If I've learned anything from this video, it's that you shouldn't store your passwords in plain text-- hash them using MD5.
@jjlred9653
@jjlred9653 3 жыл бұрын
other than him specifically stating NOT to use MD5 lol
@Monstexitus
@Monstexitus 8 жыл бұрын
"iloveyoukate" - what a romantic password.
@koori049
@koori049 8 жыл бұрын
its so romantic to have your bank account hacked because you used a weak password. DX5Yc7Uu]&vM%;P+sI`1Fxsw)[g>Mcf=p["F^I~i.:ohuK{S?`EzSZ0e0
@robo3007
@robo3007 8 жыл бұрын
Maybe Kate's password was the "iloveyouivan" you see at 14:18. How sweet!
@wickedwolf8438
@wickedwolf8438 3 жыл бұрын
i love the vibe this guy has about this stuff