We were just shown this as a part of an information systems security lecture, I figured I'd actually go ahead and give it a like because it's simple and informative

Keep up the good work mate, it was informative.

the channel name is perfect thanks dude. 💖

Brilliant video.. I love how you explain such complex concepts in a simple manner.. Please keep up the good work

amazing video. learnt a lot, going to share :-)

Best explanation

Explained very simply thank you

My encryption/decryption algorithms I have (for PHP) take in a string, add some salt, some hashing and then locks it with a key then encrypts or decrypts that with a very “quarantined” password that’s been... Treated. It’s strong asf.

Great video - thank you

very well explained

nice!

Great video! thanks

Amazing video, thank you so much mate!

thank you very much for the instructional - learned a lot (specially w/the salt & cost things). Nice !!! Furthermore, your voice is very pleasant so double congrats!

thank you so much.

It's very nice video.. thanks for your efforts and keep it going

4:00 then just join the length of the username, then the username, then the length of the password, then the password, and then hash it, and then boom! non-identical hashes

Me learning about password encryption so I can add possibility to log in on my website with 3 people per week visits

what do they do with the salted hash?

So you hash your plain text password using 'salt' and 'cost'. This means every password that's the same plain text is different. But when comparing the password that you use to login, should you use the exact same salt and cost to hash that same plain text password? This means you should keep the salt and hash (and cost if it isn't a constant) for every user. Am I correct in this? This isn't explained in the video sadly.

I don't understand something. Maybe someone could help! If we use sha-3 and salt to hide the real password, and a hacker monitors the traffic and capture this hashing password... He could use this information to access to the server and gather all confidential information? He doesn't need the plain text password. The server understands verifies only the sha-3 value?

how can we get hash password?

Where/how do you store the salt and cost do you can use it when the user tries to log in?

Most hackers don't want many people's data- if you do get hacked, either it's by someone you know, or you are just extremely unlucky.

Then its still easy to crack the password if they get both salt and hash r8? After cracking one password , I will apply the salted hash algorithm for all the hash and salt I have.

But how do companies keep a salt value for a given user..? Just sounds like the same problem.

how would a unique salt hash make a bruteforce attack still very much possible? Wouldn't it take a long time for it to crack? Unless you somehow know the salt then probably you could bruteforce a string of commonly used passwords + the salt itself which may get you something or somehow cause a hash collision but that will take ages. Someone who sees this cares to enlighten me? xd

what is hash?

and when you use a quantum computer ? Lol

znia

I dont understand that how i can crack password from facebook???

So can I know my hash of my gmail or fb password? Please reply

They should make a hash system that resets every hour

I just changed my password cause I saw it ryt on the screen

AMAZING. really appreciated you goign through drop Box's encryption method. started coding 8-9 months ago, doing JS now and just started learning how to use the scrypt function as well as salting passwords etc... watching this video made me excited for all the deeper things you can do... maybe one day i shall make it a goal to recreate and code that level of password security like dropbox has! cool vid. thanks again anyone wanna share their experience with coding thus far? anyone think im doin ok learning this stuff after 8 months? or am i behind.... lol... sometimes i can't tell tbh i still love learning all this stuff regardless lol

Thank you, Sir! It did helped me a lot in learning how hash functions actually work! And also Thank You for simplifying the concept!

Learned a great deal of things thanks to this video. Thank you.

Hi bro. it looks like someone stole your content kzbin.info/www/bejne/rJibioSjo6yNgbM and also he pointed that he made this video))) you should ban him for that w/o the link to your channel.

Good job. Studying for Security+ exam here and the cryptography has been one thing I've found it hard to get into. It helps to have different explanations of it.

Just write a dumb sentence like this: Ifind2eggsinmy4bedrooMHousetodaysoblueistheSKY!!

Awesome video, very friendly and pleasant to watch! about dropbox- if they're not saving the keys in their db's, where do they save them? physical devices maybe?

Excellent video but I am not understanding something: You use salt to generate a unique hash from a password (string). When a user re-logins and you want to see the hash of his password you would also have to RE-ADD that same "unique salt" that was given when the user created the account. How do you know that "unique salt" if it was randomly generated?

You mentioned something about encryption key being kept separately, how can it be queried to work on the web application? Kindly put more light

Savjee next video should be about delegated proof of stake

Cyber Security Dev: So which password protection do you want to use? Dropbox: y e s

Yes, but it's a pain to have original passwords for all your services. It's possible to have hundreds of passwords these days..

so regardless of the fact that each of these different methods can be breached, best course of action is to have two forms of logging in to your account a text message to your phone that you have to input when logging in to an account.

The Imgur incident is misrepresented in this video. They did not store the passwords in plaintext, the hashes were solved and leaked.

Is hashing possible for other things like live facial recognition or fingerprints?

One thing I don't understand about hashing is that how does our login info is validated although hashing is irreversible.

Change the unique hash stored on the database for the same password the user uses, every time the user signs in?

I wish if they renamed cost to "pepper". It is more deserving one tbh.

I remember when i used *password* on a minecraft server and my acc was hacked!

I severely doubt anyone has the same password as me... because... goddamn

If there are numerous layers of protection around the passwords then how can the system check whether the password you've entered is correct?

I use a extremely long custom hashing method for my server that uses many variables indented to that user only

[Hash + salt] Question: How can you compare passwords if the hash alters when entering the same password? ex. Bob and Vagene have the same passwords "sendNudes". Both will have different hash. Bob logs in. How would you compare Bob's inputted password to the one in storage? This has been eating at me! I NEED ANSWERS!!! pls

Thank you sir Nice explain !!! thumb up

on 'TamaTown Rewrtten' ii do sha512 then xor the resulting hash with some random bytes then sha512 it again the original game however stored them in plaintext as there reset pass thing expects to just.. get the password back

I don't get it. So what's the Bob's password now? qwertVNc4BdR20n? How will Bob log in if his password as well as Alice's password have been changed?

Nice video! I have a question: what about saving each password with its encrypted version, using the password itself as encryption key? This way each stored password would have a unique encryption key, instead of a single AES key shared among all the saved passwords.

Why don't you explain how to get the HASHES!!

nice video and very well explalined - thanks a lot!!!! :)😁👍✌️

wow......thank you so much...keep it up plzzz

You really explain things simply ✌️

thank you so much for this vid it is very informative

first of all how to get the password in hash form?

On 4:38 you said to use different salt but I can't see it happening. If I use different salt, when I have to check the password, I would not know the used hash. If I keep it on the database, I would have the same problem as leaking the password. What I'm missing?

and how i know my hash code??

Excellent video and explaining the technology. However, I have a situation where I don't know how I would adapt the concepts you explained because the scenario is slightly different. Your example works interactively by comparing user passwords with stored hash values. My scenario is for an automated process (no user interaction at all) and the credentials are self-contained in the program package. These must not be known to the user or anyone who can get a hold of the file(s) containing them. Here is a live example … We have a company application that requires administrative rights to execute but our users only have standard Windows user permissions. I repackaged the application into a single EXE executable script to conceal the admin credentials that are included in the script code. However, I discovered that compiling the script is not enough because the EXE file can be decompiled or someone can use other programs to see the contents. How can I adapt the concepts you explained in your video this my scenario? I need to be able to execute a self-contained application package locally (no network or internet resources) and with specific credentials while protecting said credentials from the local user or anyone who might get a hold of the EXE file containing the credentials. The application needs to use these credentials at run time to perform its tasks. Your insight is most appreciated.

I don't have Twitter and don't use Facebook. I'm computer dumb. I would like to contact you with something. Do you have an email?

Not only to maintain unique hashes...salting also provides extra security for example you can either append or prepend salt data..that requires lot of effort from hacker to figure out

Thank you

Wow. perfect video!!

This is awesome man, thanks for explaining.

When you put up that list of the top 10 passwords, I was like, “been there, done that” 😂. These days I let my Apple devices generate and store codes for me

Well, it was really helpful video

Thanks a lot for the succinct adumbration. And by the way. 04:11 ROFL 😂

Who to hash the letter guys hahah

How secure is smashing the keyboard at random while alternating the shift key?

Ok, so do qwerty i add a salt. But the next time the user logs using qwerty, i need to add the exact same salt. Where do i store it?

How to get the hash text?

lol I love unicorns 😅

Very nice descreption. Loved it. Thank you very much ❤❤❤

How to get the hash please

Thanks 👌👀

thanks agfain...

Well explained! Why don't companies put a limit on number of login trials a computer can have? For example, can't they just reject the user for a limited period of time if they enter totally wrong credentials?

great video

very good video , I learned the concepts in a very good way... can you kindly do a simple javascript project to make the 3 kind of protection (hashing + bcrypt + encryption) to show us how to do it practically as well

Great video!

NICE VIDEO

How do they compare the hashes if there is random salt?

Very informative one.. Liked it.. Well explained!! 💯

This video was incredible, thank u so much

Awesome video - very easy to understand and succinct, it flowed well too - very helpful thank you!

brilliant

u are best

Thank you very much for this video! Certainly learnt a lot from this and would be learning more about it in detail :)

Algorithm.