an unending password? youre gonna crash the db~ space limit

clever boy

Well not hashable. Nice try

Big brain time

big brain

I was going to comment the same thing

that guy was not keeping password for sure. he was feeling emotional while doing whatever he was doing. Emotions = Hacked.

Kate doesn't even know he exists.

It is Kate herself, advised by some shrink.

The "iloveyoukate" virgin vs the Chad "freakpower1"

Well, that's not a very fair comparison, is it? Computers are, at their core, all made for mathematical functions. Humans, on the other hand, are not. When it comes to "close enough," humans are generally better.

@@uniqueusername_ Oh really? I thought i could run through a 40bil database that is stored in my head. *Heavy sarcasme.*

Remember it was built by human

uniqueusername_1024 R/FUCKINGWOOOOOOOOSH

@@uniqueusername_ r/whoooosh

+Max Musterman he does, at The University of Nottingham ☺️

That's it, I'm transferring.

Agreed.

Paused the video just so I would say the same thing!

Not to mention right here :)

@@rabbabansh I am not and I don't get it.

Wow

hunter2

my password: J1bbbbberb0y418

You would be surprised at just how crappy the average password is. There is a reason websites force users to use passwords of minimum length with letters numbers and sometimes symbols. Router admin passwords tend to almost always be default. When they're not, it's usually very easy to guess. Luckily? in my area, the local ISP supplies routers/models with random passwords by default, but they are listed on the underside of the router/modem. Gain physical access to the router, you can get the credentials. If you have no physical access, I guess it's secure enough.

Facebook XD

@@mohnishkumar i was going to reply that too XD

@Kappa Chino thought so too. Hashing is irreversible.

Password Managers

RacingAtHome the more you know

I think a lot of video editing courses encourage people to do the music thing. Dude I am hear for the data above else. Not the music. It gets distracting. Even with a lot of gamer videos. I can not stand it. You are trying to focus on the tactics and insights. Like studying with the music blasting. Sometimes it helps, but often it is a distraction.

photographer

Bruh just create a python script that encrypts an input and since only you have this encryption system it's very safe

That's why a lot of websites require you to have a special character and a capital letter. The most common way of doing it is capitalizing the first letter and putting the special character at the end though

@@Dtr146 How did you know my passwords!?

Michael Burke no, try password123

123456 takes the longest to crack

99999 or zzzzz depending on the algorythm

*hacker voice* I'm in

10^6 combinations (?)

Can you suggest me any such videos

For one thing the 4x Titan X GPU he has are are roughly equivalent to an RTX 4070 which is a ~$700 GPU. The modern equivalent of his system (say 4x 4090) is around 50 time faster than his system.

Wait really? @@mully006

shhhh

which one was it?

Do you love Kate too?

Lemme guess qwerty ? Lol

siksreik heh heh. I saw that

I thought he was Elija Wood

Well you see... After he lost the role as Spiderman, he had to get a new job. So he became Hackerman :)

He did stay a long time on the web though

sirdeakia Underrated comment. Why didn't people get this? It's gold.

I know for sure in that bag with the english flag there's his Spiderman outfit!

Smart move.

Either that, or some other third party injected Javascript into the page.

You can use Fiddler, Wireshark, or your browser's network inspector to see if any web requests are being sent out.

Which is why I don't use those websites for obvious reasons.

there's a password in my head that I never use lol

Yes.

but isnt that putting in more variables for computer to check making it harder?

Not really as like he said it relies on use of common words so if your use zWq0£jL3s, there is no logical combination this would occur in words

But If I'm cracking these then I know that 1) I can skip all passwords under 8 and over 12 characters 2) I know that all passwords will have a number so I don't need to try any passwords that don't have them 3) same for capitals and special characters

This comment was aimed at thunderbolt my bad.

There are more combinations of passwords with 8 letters than there are from 1-7 combined. Forcing at least 1 number also increases combinations from 26^8 to 36^8.

Nice

I know this is a joke comment, but using an illegal, an "untrusted", VPN is a TERRIBLE idea. You could be feeding your Computer Information to Cyber Criminals by connecting to an Untrusted VPN. Something worth thinking about for those wanting to go the Cheap/Free route for VPNs.

*Thanks_Turnercyber🙏*

All I see when you enter that is a string of asterisks

Thanks for the revelation.

👌no one will ever now this passwords

if u enter ur credit card number it gets blocked see **** **** **** ****

@@realszn here's all the number present on my card 54120

yeah lol

Oh no not his boyfriend's.. His secret admirer's

+Attila U Random characters letter and symbols. around 30+ of them.

+Attila U well I was in a house were the password was something like this: 9684263675467468447836794598211636063674678 only the length is the same but I think it is hard to crack

Mine is something like this 5927592058295712395736189037483194721948271930183 49 random digits.

You can think of "hashing" algorithms, like MD5 or SHA512, as being a secret decoder ring, like the ones you used to get in a box of Alpha Bits, only a bit more sophisticated.

He's telling how to crack passwords, what do you expect?

Also that smirk on his face when he said dive That might be his hacker name

Dude.

Dude.

i dont get it ._.

That's pretty meta!

@@brunosteffen8173 The card at the top right pops up at the same time as he moves his head away from it

omg its a wild xisuma comment from 8 months ago!

LOL i love scrolling through random videos comments and just finding a Xisuma comment with only 5 likes (make it 6) Nice to know that Xisuma watches the same videos as me xD

Wow, I keep seeing you on a lot of videos... lol

Morten lol same

You keep following me around everywhere I go!

That's pretty clever right there. Now I have to try doing that. Thanks

solution: disconnect from the internet before you type your password and close the tab before reconnecting

Theoretically still insecure

Ein Frosch~ howsecureismypassword.net is save. Its fully written in Javascript and you can look for the code yourself

Best passwords are sentences like "cow curry diagram!2n;"

What you have to realize. Is that the longer and more complicated your password is. The harder it is for a computer to compromise. Given enough time, energy, and technology. All passwords are easy. Each time an encryption standard is compromised. You migrate to something else. It is a never ending race.

🤣🤣🤣

What's your password?

thanks just bought some pizza pans from amazon

My password with 6 characters: *sweating profusely* My password with 31 characters: *hah, mere mortals.*

My password is 7 characters long, so take that hackers.

Make your password a wikipedia page google translated a dozen times.

RandomCatDude wouldn't work, they update the algorithm too often, those cheeky bastards

No man Google translate just translates

@@randomcatdude only 12times do it 100+times a dozen of something is 12 of something

Dani Jensen I think everyone knows what a dozen is

I watched a video from DefCON about this sorta thing and actually they are a 2 edged sword. They are bad because then all the attacker has to do is get your database file or hack your password into the password manager, and good because they prevent keyloggers from getting passwords.

treahblade I guess so

If you use Keepass then you don't have to worry about external security. Only your own files on your own computer. And you need 1 password to be secure. That's it.

I've never used a password manager, it seems illogical to have all your passwords behind one password. And where do you store the master password without needing _another_ password?

Yep

@@Big_Tex xD

cute

@@Big_Tex and now it's: KateTookEverythingFromMe

Unterarzt update: its how kateijustwantthekidsbackplz

14:18 "I love you Ivan"

RIP, that’s rough

That's not a hex code he set as a password. That's just the program not being able to display the special characters. If you convert the hex code to to ASCII, the password is "kindé"

@@gchcom6902 oohh thanks for that.

That doesn't seem like it would be very hard to crack. The character set is just 16 characters. If the person thought he was being clever, there's could be 10 million people who had the same idea and the cracking software has seen it all before. It's probably not much harder to crack than 12345678. I just assume I'm never going to come up with some clever password trick that at least 1 million human beings haven't already thought of.

@@gchcom6902 My guess would be kindé (using utf-8)

Amusing.

I'm dying 😁

Could you help me understand? Was he just checking to see if he could guess the LinkedIn pass words that were stolen? Im trying to understand how this would work for an actual site, because after you try the wrong password several times, you get booted, or blocked, and the user gets notified. How would this actually work? Are they taking these passwords and entering them against a live site? If that is the case wouldnt the hacker get blocked after a few seconds? Plus with 2FA, is this even relevant?

Ronin Ryu are you serious? 😂😂😂

Nils Svanstedt yes I’m serious asshole

420

Ganja means bald in hindi, so might be the reason

I cracked up when camera focused on that on screen - glad you highlighted it 😀

@@Gamer-uf1kl it also means weed or heroin, not sure which one.

@@arpitpatel5312 cannabis/marijuana

I have a theory: in this Alternate Spiderverse, Peter Parker (by Tobey Maguire) got fed up with chasing low-budget criminals in NY, quit his cr*ppy job and moved into the UK. There he developed an English accent, got a degree (and later a PhD) in cybersecurity to protect his new identity and since he already had close relations with the Web ;) So, this would be the origin story of Dr. Mike Pound

@@usseal922 Ha I only had to scroll 5 comments to get to here. This makes the op fact.

i cant unsee that now

I thought he did web design

Lol

brilliant

No, 12345

@@Zooiest No, 1

BuckieTheCat Your password has to be 5-32 characters long.

Thanks what's your email? Lol

You should change banks then, they are just begging to have their database leaked.

Yep, You'd need to compute 2.8147498*10^14 hashes assuming that the passwords use extended ascii characters and also assuming that you know the hashing algorithm used. (Which can be achieved in a few seconds)

+moute3 Yes but the banks have other forms of authentication, including inputting specific characters of a secret answer and generating codes using your phone or hardware key.

Locut0s That doesn't make sense. That would be a reason for _not mandating_ long passwords. It can't be a reason for _forbidding_ long passwords. The only explanation for the latter is idiocy.

Locut0s I have to agree with Correctrix that if what you said is the case, then I can see why they accept weak passwords. But it does not explain why they would prevent experienced users from setting a strong password by having a maximum of 8 characters.

not if my passwords look like siUn$2$8’clwo!&/ienzla!!:&*’eisnJbdKbs&29,£~*£\’Idk&/9

@@Jay-S04 That's been added to the dictionary now

@@Jay-S04 i use keepass, do mine look like that

Not a fact, but closer to a hypothesis

Your icon almost got me there damn.

it always get me. the worse is the fly one, I don't know if you never saw that, but *DAMN* each time I try to swipe the screen like a fool

+Russell Teapot The spider is facing 45° left, I don't get how it can startle anyone ever since scrolling means it moves upwards diagonally. Won't judge though :/

Well I wasnt scrolling when I was reading the comment but yeah once I scrolled I realized it wasnt real :/

did you see "iloveyoukate" at 14:49?

marcuslola Thats my password

420 blaze it.

hahahahahahahaha

I am now changing my password to "ganjagoblin"... consequences be damned!

bro I caught that too - had to left arrow to confirm lol

Thanks, now sorted >Sean

+Computerphile what is the disadvantage of designing your own hash for your own service? Wouldnt not knowing the hash procedure effectively eliminate the ability to crack passwords by using this method? Thanks.

+Osama Rana also, often enough if they can get to your database, you should assume your code also isn't safe

Thank you everyone for the insightful comments. Ps, I like the phrase "security through obscurity". That was exactly what I was thinking

'I like the phrase "security through obscurity".' You got that this is a bad thing, right? Like, really bad? Just checking.

And even if you *do* know what salt was used, computing rainbow tables *per user* would take a substantial amount of time for a large dictionary.

you mean pepper. salt is saved with the hash, so it just slows you down (a bit).

@@_piulin_ A salt wouldn't slow you down if you're attacking a specific user, but it would make the attack difficult to generalize since every user has a different salt and the passwords you test must have the salt at the end.

@@kalebbruwer I know, that's what I meant. If you hacked a server and got the hash file, then it's way slower when it's salted to interpret all the hashes, so you can sell them.

Hence why you change your password at least once a year.

Lol

You would be surprised how long some passwords can be if the service allows it.

Talk-Power removed

They encrypts the passwd ( I guess)

apparently a common password

14:45 iloveyoukate Me too. Me too....

i smiled at linkgundam, amusingly enough.

Gaijin

lol, ganja

Just don't change all your passwords to a single new one hah.

Use a password manager. It can change them all for you automatically, and all to different passwords, and all to extremely secure passwords.

Friends. Use KeePass, it's free, open source and multiplatform. Change all your passwords. Use unique password per site. Let me know if you have any questions.

The only password I know is the one that unlocks my Keepass database.

I have KeePass on my computer and KeePass2Android on my phone. Install Dropbox to both pc and phone. Save your database or database copy there so it can be access in your pc and mobile.

Now that's clever!

Pah! I store my passwords using an enigma machine, weak!

@@arrowb.8438 dasoberkommandoderwehrmacht...

Arrow B. Enigma is broken. I use SIGABA

Laughs in quantum computing.

Totally got mine. 14:46 ILOVEYOUKATE

+Mike S I used to have that one only without "you" in it.

Everyone loves Kate, that's the problem

18:51 ashishiscool is my friend's password and his name is ashish.

+Филип Брчић genius XDDDDD

Ganja means Bald in Hindi so it reads as baldgoblin

@@dishant8126 yea i bet thats what he had in mind

There is nothing like impossible to hack in this digital world. For any hack related issue Contact @cybersquad047 on Instaqram, Cybersquad047@gmail.comthanks to them I found out the truth about my spouse

@@dishant8126 I knew that... That was what I was thinking

XD XD XD almost as if it could potentially just be habit and he clearly realized instantly he didn't have a wrist watch on at the moment XD XD XD

@@gtc4189 XD XD XD

Plot twist: he didnt havr a wirst at all

Wurst.

I recover my instagram account back through *hackerlouis05* on instagram he’s legit and reliable 🏻 🏻 🏻 Contact @hackerlouis05 on Instagram for your hacking services he’s legit and reliable

he does have his own channel and probably takes up a lot of his time! check him out its pretty cool stuff.

I believe he said he'd not do too many more as he didn't know as much as some people on subjects.

Chris Gough ty

Ikr! I love his videos on Computerphile!

I actually stopped watching Computerphile so much and started watching his channel...

Are you talking about permutating your actual passwords, or salting the hashes before storing them in a database?

That's in the Tom Scott video about storing passwords.

they weren't talking about securing servers they were talking about how to crack the passwords. adding salt doesnt protect at all against the attack he used, it just makes him repeat the attack for the group of paswords with a particular salt. That would be a great followup though.

Or peppering.

koori049 "it just makes him repeat the attack for the group of paswords with a particular salt" Well, yes, if you know the salting method you could have a guess, but the most basic of static salts can make the most awful password extremely hard to brute-force, at least as long as the salt it unknown.

ok

I used BigPeen6969 as my password

CanIEatYourCat? Was one my younger self used for everything. No login ever gave me an answer

most people, even supposed smart people, see the whole concept of setting a password as a nuisance rather than a necessity to prevent misuse of their account.

Did you used mycubana too?

Gee I wonder if MR. Putin knows him ; SIR???

12345?

You need many, many more upvotes.

Or just use Secure Remote Password and not have to worry about your database getting leaked?

Cíat Ó Gáibhtheacháin I feel like I'm missing something obvious, but why do you need to store users' passwords?

rsa 4096

***** You don't store the passwords: you store something for checking if a password is valid.

I could also never understand how passwords were brute force hacked when most services lock you out after 3 attempts. It never occurred to me that most of these databases are hacked off-line! This was a great video.

megszentségtelenitettlenségeskedéseitekért!

lol

And monamireda means my friend Reda (a fairly common arab/Moroccan name) in french. And so ashishiscool... Did he just tell us his dealer's name? 😏

just use a password manager

@@waves_under_stars Even a simple 8 digit password generated using all possible ASCII characters (81) All possible combinations would be 81^8 is 1,853,020,200,000,000 possible combinations. When it's completely random with no possible way to use a Dictionary attack, and it must be guessed from the ground up. It would take literally centuries for a standard home computer to crack. And even months for a super computer like Computer Philes "Beast" with its 400 billion guesses

@@waves_under_stars Set it above 15 digits long, completely random, and it is practically uncrackable unless they were to use some Gigantic botnet utilizing all their GPU's

@@BreadMan434 but then the problem is remembering dozen 15 digit completely random passwords. And the answer is writing them all in a txt file, encrypting it with a strong master password and remembering only the master password. Or just use a password manager. It's essentially the same but better

@@waves_under_stars I have learned between offline and online life. That most people are lazy.

You should be using the new winner of the Password Hashing Completion, Argon2.

@@Abanmy well people often use the same password for their email as every other site...

It's real we use almost the same password for all social media

Because shorter is easier to guess.. In 2016 nobody is worried if your passwords takes up 8 bytes of 8000 bytes really.

To increase entropy, which is the amount of possible activity of difference between different nodes (in this case possible characters in your password); if a password doesn't have too many possible guesses from the start, it will limit the amount of entropy at the end of the hashing process. Around 6:30 he talks about how it's easier to brute force lower case only passwords, that's because there isn't much entropy. That's why the websites want a varying amount of characters, like capital which effectively doubles the entropy at just the first step (without hashing, or plain text). But the thing is complexity can only go so far, because there is a limited amount of characters you can choose from on your keyboard, so the entropy increase is sort of logarithmic (starts off steep increase, but dies off quickly). But there is another way to increase entropy: length, which in fact increases entropy exponentially (another letter pushes it to a whole other level of entropy because that's one more exact letter that needs to be accounted for, which may take the machine a couple thousand or quadrillion runs around the track of checking your password). It's all about entropy and increasing it, because that makes it harder for anything to guess your password.

Chris Bernard I'm sorry you spent so much time writing that comment, but I was talking about a maximum, not a minimum length.

***** Ha misread that as well! I don't know? aesthetics perhaps? Now that you mention it, why not copy paste a unique binary file as a password!. Crack that!

Diggnuts Exactly.

Thanks for the update. I can finally get rid of the capital letter in mine.

probably ask the user to create a new password when they log in

Hash the existing password hashes a second time with the new algorithm, then update to use _just_ the new algorithm next time they log in.

That's a fairly common method, yeah. And if there are any concerns that the data has been compromised then most sites will force you to change your password when you next login and store that.

hash the hash

Correct.

salt and pepper makes a well seasoned secure hash

ok, what is that salt?

@ Thanks for explaining.

I recover my instagram account back through *hackerlouis05* on instagram he’s legit and reliable 🏻 🏻 🏻 Contact @hackerlouis05 on Instagram for your hacking services he’s legit and reliable

@@jessicahsmith4815 thanks, Jessica Smith, Very cool.

Omega lul

I recover my instagram account back through *hackerlouis05* on instagram he’s legit and reliable 🏻 🏻 🏻 Contact @hackerlouis05 on Instagram for your hacking services he’s legit and reliable

@@jessicahsmith4815 imagine actually making a fake account to self promote to the people who doesn't care :D...(especially to those who can "recover instagram account" themselves ; ))

long password and use uppercase+lowercase+numbers at least

and other characters like !@#$%^&*

also no common words and names

Using Symbols that aren't leet speak.

Try this crackstation.net/

other than him specifically stating NOT to use MD5 lol

@@RiDankulous The password is not the important part. No matter how long or random your password is, if someone finds the hash and the developers didn't salt it, that person could use a rainbow table to find a password that matches the hash and access your account. Hashes are bound to have collisions at some point.