The BEST Ways to Store Passwords in Your Database

  Views: 14,153

Mehul - Codedamn

A day ago

Comments: 44
@codedamn 2 years ago
If you liked this video, consider checking out codedamn.com - an interactive way to learn coding. Become a stellar full-stack developer learning to code interactively: cdm.sh/fullstack
@akashdash6023 2 years ago
random salt + hash, with a cpu intensive hash function like bcrypt
@Anonymous-gt8zn 2 years ago
This video is amazing.. now I understood why bcrypt is so popular..
@venkateshyadav368 a year ago
Nice video great Content
@KeffelewAssefa 2 years ago
Thank you
@hassaanraheem56 2 years ago
But generally top MNCs use a combo of multiple hash functions.
@smaranh 2 years ago
Keep making these AWESOME videos
@elamandeep 2 years ago
bcrypt hashing algorithm or use auth0
@bramlachat2515 2 years ago
I watched this video till the end!
@neontuts5637 2 years ago
Nice video sir. Please can you make a video on Bcrypt. How to use in MERN Stack etc.
@rajeev3147 2 years ago
I watched this video till the end!
@nicetomeetugaming7024 2 years ago
Good video sir!
@vijaychauhan.9134 2 years ago
Very nice video 👍👍
@guddetiajaymanikanta 2 years ago
You are awesome.
@suryapratimpaul 2 years ago
I watched the video till the end and also watched ads.
@vijaychauhan.9134 2 years ago
Very nice
@thegreatprogrammer5937 2 years ago
I learnt today that even your own colleagues or employees can also do malicious stuff to your own product!
@aswincg5895 2 years ago
Do a video on Remix. Seeing many tweets about remix these days
@2206arnab 2 years ago
I’m thinking, what would be pros and cons of doing hashing in rounds like DES or AES? For example, if I MD5() a value for K times(say 8 or 16), wouldn’t that be extremely hard to break via brute force and faster than bcrypt() as well? Just thinking out loud. Not sure if it’s in the right track.
@akhandpatel4873 2 years ago
Adding multiple rounds increases the complexity, but that can be handled by using a lookup table. It is easier to create a lookup table in case of unsalted md5.
@2206arnab 2 years ago
@akhandpatel4873 Yes it would increase the complexity, but isn’t bcrypt doing that as well? And coming to salts, what if someone encrypts the salt or maybe uses multiple salts in multiple rounds of hashing?
@akhandpatel4873 2 years ago
You may be right, but in case of md5 the output range is 64 bits and in bcrypt it is much larger than that, and moreover in case of bcrypt, the calculation doesn't increase linearly with rounds but rather exponentially. But I wouldn't say that rehashing md5 hashes would be worthless, but not as useful as bcrypt
@2206arnab 2 years ago
@akhandpatel4873 understood. Thanks. I’ve never come across this kind of use case in real life, only studied them back in college. I usually go the OAuth way. But, yeah I’ll check on bcrypt a bit more. Thanks!
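An added example, not part of the comments above or of the video: repeated unsalted MD5 next to a salted, iterated hash with a stored work factor. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt here (bcrypt needs a third-party package); the function names, record format and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def md5_rounds(password: str, rounds: int = 16) -> str:
    """Unsalted MD5 applied `rounds` times, as proposed in the thread."""
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.md5(digest).digest()
    return digest.hex()  # same password -> same value for every user


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash stored as 'pbkdf2_sha256$iters$salt$hash'."""
    salt = os.urandom(16)  # fresh random salt per stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(derived, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):  # malformed or tampered record
        return False


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was stored with a lower cost than the current one."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(md5_rounds(pw) == md5_rounds(pw))  # True: one table covers all users
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("wrong", b))
```

Because the salt and iteration count travel with each record, the cost can be raised later and old records upgraded at the user's next successful login.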
@vijaychauhan.9134 2 years ago
Super video 💯💯🤣🙂🙂😊👍😊😊👌
@ujjwalsaxena6469 2 years ago
But wouldn't using bcrypt to store password also increase the time taken to authenticate the user (while checking password)?
@codedamn 2 years ago
It’s 100% worth it. It’s like saying we should not use https because tls handshake takes time
@ujjwalsaxena6469 2 years ago
@codedamn Thanks :)
@tibzdankan 2 years ago
I watched this video till the end
@chatarsinghchundawat4239 2 years ago
I watched this video till the end.
@pranavbhat29 2 years ago
6:04 Should we also not guarantee that the hash function has as few collisions as possible? Or else two users might accidentally have the same hash for their two different passwords
@shadestorm3995 2 years ago
why should that matter as long as the user_id is different ?
@neuideas 2 years ago
Preventing hash collisions is one of the first things hash developers focus on. If collisions are easy, then it's not a valid hash algorithm. At best, it's a fancy checksum.
@pastuh 2 years ago
obvious social logins is best. Another way just send login confirmation to email
@JarppaGuru 2 years ago
1:50 it won't matter if ALL DATA is encrypted it random order based on something and multiple times. hacker can't know and hashes are pointless. hash multiple time and between new encryption reverse order and hash that hash with new method. hacker can't know there because too many variables, but developers are stupid. it only take millisecond hash hash reverse hash reverse split in middle hash lol but million years crack even know correct order
@gofudgeyourselves9024 2 years ago
Ajinkya rahane
@yadneshkhode3091 2 years ago
If the video had been made 1 month earlier, I would have cleared the interview
@gmkhussain 2 years ago
09:54 I am happy😊 as you *shout out me* 😋 although your hard work is priceless but still it will help you as well as us.
@abczwq8364 a year ago
too slow video
@yashsharma6269 2 years ago
I watched this video till the end!
@andreas7181 2 years ago
I watched this video till the end!
@sazzadanwar4802 2 years ago
I watched this video till the end.