Wrong statement in the second minute. A hash function is not compromised just because it has collisions. By definition, it will have collisions, as the input space is infinitely variant, while the output space is finite, indifferent to the actual length. The question is how easily are you able to find an input that matches the output you have.

You know Enderman is fighting for his life with KZbin when he pulls out the longer intro with the disclaimer.

The disclaimer in the description LOL

The handling of passwords in a Microsoft OS is complex because they use passwords for many usages. The OS (or its domain controller) will store a hashed version of the password, but there are also values which are symmetrically encrypted with keys derived from the password or from the hash thereof. The authentication protocols do not include provisions for exchanging salts when some hashing must occur client side. It is difficult to alter the password processing algorithms without impacting a lot of subsystems and potentially breaking the backward compatibility, which is the driving force of the Windows ecosystem. It goes down to strategic priorities. Microsoft knows that altering password hashing and authentication protocols to include a salt will have some non-negligible costs which they would have to assume (by fixing all the components which are thus affected). On the other hand, not changing the password hashing is rather "free" for them, because a flaky hashing algorithm will not convince customers to switch to other non-Microsoft systems (the OS market is, in practice, a captive market); it takes a lot more to force potential customers to envision an OS switch which is very expensive. Also, password hashing can arguably be qualified as "defence in depth", a second layer which has any impact only once a breach already occurred; as such, it could be presented as being of secondary importance. Therefore, it is logical, if irritating, that Microsoft does not update its poor password processing practices. Historically, Microsoft did only one update, when they switched from NTLM v1 to v2, and it was kind of necessary because the older LM hash was so weak that it was beginning to be embarrassing. My guess is that it involved a lot of internal hassle and they are not eager to do it again.

I'm downloading this video before it gets taken down by KZbin.

When I was a teenager in my early days of computer enthusiasm, I was annoyed that websites would make me set a new password if I forgot it, rather than tell you what it is via email. However, now that I'm far more knowledgeable about this stuff, I actually like that way. Any website that tells you your password via email rather than making you set a new one is storing the passwords unhashed. If you encounter such a website, you should avoid it at all costs.

Let's hope KZbin doesn't take this video down.

What the heck, MD4 AND unsalted?? As a wise man once said... "WHAT!?? (pause.) WHAT THE F***"

MD4 was already known to be insecure in 1991 and got retired in 2011...

This is giving me flashbacks to my family members losing their windows login passwords and making me retrieve them in high school

enderman: uses voice, puts calm music also enderman: uses textbox and intense music

Another day, another video of Enderman showing us why Windows security is mostly a joke.

Wait... Can non-administrators access the sam/registry files? In theory, could they copy them from a "secure" corporate machine, to a USB and take it home, import the hives crack it at home? Most corporate PC's have one local admin account for remote IT or troubleshooting.

There's plenty of policies to configure Kerberos in a domain setting. The threat model here is pretty limited; a stolen, powered off machine would ideally have bitlocker, which would first need to be compromised

So glad for the disclaimer I wouldn't be able to support you if you were an illegal hacker.

Do not use Windows, Linux, OS X or any X86/ARM/RISC/PPC OS. Do not use PC at all. It's bloat

The computers at my school all have the password "0" Yea very secure, i know

I've no idea why KZbin would take this down. Enderman, I'm new here, and in the first 4 minutes of your video you explained a hash in a much clearer way than I've ever seen it explained before. You've got a great voice for presentation and you do your best to communicate knowledge that is accurate given the information you have at the time it seems. This is educational and something you learn in network security courses so it's not like it's super secret stuff. I hope KZbin doesn't delete anything . Knowledge is important and for those of us who seek it for pleasure; this video is a treasure. Now back to the video!

extended endermanch intro dropped

Ah yes. Old NT code starting to bite back. Surely this can't get any worse, right? Right???

Thank you for taking the time to create this content. The security weakness exposed in this video is intentionally left as-is. We understand that three-letter agencies prefer personal computers to lack strong access control, making it easier for them to monitor and conduct forensics. Microsoft willingly complies with that

Just by definition a hash function with variable input length like a password will have collisions if the output length is fixed. You have unlimited inputs but only limited outputs

yeees voiceovers are back! thank you!!

bro didn't get hired 💀

The salt does not have to be different for every user. It really doesn't even have to be different for every computer. If the salt value is only 16 bits that would cause an attacker to have to generate 65 thousand sets of rainbow tables. Given the amount of time and energy it takes to generate a rainbow table it makes them impractical.

She crack my password till I windows

Thank you soo much, I got a hard drive from my campus, they are updating their classroom hardware, it has an original windows xp professional on it but I didnt get the password for it, wich means all I can do is what it was intended for (openning power points and other class related stuff), they told me I should just format it anyway but I'm sucker for windows xp and I'm not giving up on it.

This is one of the good things that come with a Microsoft Account, you can set a PIN (which doesn't have to be just numbers, can just be a password) but it's stored in the TPM, so it's a pain to bypass if you also then turn off password authentication.

Brilliant! Love the way you explain things. Someone once said - if you can’t explain it to a five year old then you don’t understand it. And that’s exactly how you explain things. So simply. That’s very rare in the IT world. My only negative is you said wallah instead of voila 12:54 😉

Maybe I just haven’t seen an Enderman video in a while but I’ve never heard them voiced before

Hahaha!! You made me laugh so hard when you were looking at printing the registry tree. "Why would anyone want to (print the registry tree)? This is useless". LOL

I loooove your videos, nice that you are restoring the vid schedule 🔥🔥 Keep it up! ❤

A other enderman video? Christmas came early!

all hashs of N bits will have a collision every approximately 2^N bits. Collisions are impossible to avoid when text is longer than the hash length. But may be computationally impossible to find. (Small note on start)

Fun fact: Mimikatz, instead of doing all of this, captures the NTLM hash that was already used in the session. Maybe that's why MSFT wants you to get an account instead of a local user, because it uses a different algo, instead of an unsalted MD4?

Enderman is so brave man like he got 2-3 strikes AND HE STILL DID THIS VIDEO

Haven’t seen the long landscaping intro in a while, it’s amazing lol

You know the videos good when it starts with “This video is for educational purposes only”

Insightful! Great explanation 👍

In the beginning I thought: "Hope they dont use MD5" Then you brought up MD4 🤦‍♂🤦‍♂

@1:45 All hash functions contain collisions because their output is fixed length. You can not map an infinite space of inputs onto a finite space of outputs without duplicates. A hash function is compromised not if it contains collisions (that is unavoidable), but rather if it is possible to feasibly calculate collisions, either by analyzing a bad hash function (for example sum all bytes and modulo to get your fixed size) itself and design your input accordingly (for example altering your bytes to fit the criteria), or by brute force trying to find a matching hash for a known hash being feasible because the hash function is just too fast (md5). Of course CRC32 and MD5 are still perfectly valid, but only for data integrity checks where the problem is unreliability, not maliciousness.

1:35 I feel the need to nitpick here. A hash function is not considered "compromised" because it has collisions. They have a fixed length output and can take inputs of arbitrarily large size, so you have an infinite number of inputs and a finite number of outputs. It is not possible for a hash function to never collide, and SHA-256 is still cryptographically secure. There is no better approach than brute force, and it is completely infeasible with today's technology to reliably find collisions.

just realized there's a small "easter egg" in VMware window at 11:49, there's a VM called "Windows 12" :p

Lets hope KZbin doesn’t take this down despite there being a warning

Much respect for you man. You made me learn something new to thi shitty windows world and definetly convincing me to pass to linux. Your channel is so underrated

When the long intro rolled, i already knew it was good. btw, the nostalgia when the intro rolled....

Alright, bet that KZbin will takedown one of the videos again, and we'll have the fiasco again. 💀

Hi Enderman, great video. I know what YT did to you, and you got 2 str-whatever. If YT t----- your channel, will you keep uploading on your “Andrew” account or just make a new YT account and just name it Enderman and just continue there? Just asking cause I love your channel. Just be sure to download your videos via YT studio to device (At least your 10 latest) so just incase anything happens, you have a little backup of videos. Just like to know. Love your channel. Have a good day❤

That amazing, never thought about that print function in the registry, seen print button a million times but never thought once of pushing it and seeing what happens, very clever of windows to do that.

Ridiculous. Thanks for sharing. I like the glitch transitions in your edit.

This is done only for the basic Windows password on a local account right? And not for the Windows Hello PIN or (dare I mention it) a Microsoft account login? If not, that's probably why Microsoft hasn't fixed it. From their perspective they already have fixed it: just use a Microsoft account instead of a password.

KZbin would rather be magenta and delete enderman's videos but wouldnt ban the elsagate content

I remember taking a course in IT security and as part of it, we extracted hashes from an XP computer using a special program. Think it got the password through the LM hash. It was a while ago now, maybe 15 years or so. Seems things haven't improved as much as it should, unfortunately.

YOUR CHESS ELO IS 2000!?!?

Great Video And Interesting. I hope KZbin Doesn't Take It Down

Enderman once again breaking Windows and asking KZbin not to take it down

I love how the intro screen is basically "KZbin for the love of god dont take this down im not teaching people to hack the fbi"

At this point it's beyond safe to assume they're doing it intentionally

I love videos in which you explain things like these to us!

really interesting video, also lmao so many disclaimers, hope u won't get banned again

Everyone else for the last 15+ years: let's use computationally difficult functions with quality random salt Windows team: yo I just heard of this MD4 thing!

Hiding the key in the registry is like... Just what? This is like a crutch of crutches. Who is that even for? What does it protect? From whom?

you know a video's gonna be good when it has the extended intro

"Security is not about preventing every attack, but about delaying attackers long enough for you to react."

as Soon as i see the "This video does not condone or promote hacking or any other illegal activities." Screen i get flashbacks from when enderman couldnt post and had trouble with youtube xD

that class name trick is insane lol. security through obscurity and not through, yknow, actual security

i too love cracking passwords legally!

Don’t keep complaining about Windows, he needs to create his own OS at this point

Microsoft have turned crap security into an art form - it has to be deliberate. I stopped using Windows in the 90s after realising how dreadful it was at its core, NT 3.5.1 notwithstanding. In the intervening years I'd assumed that Microsoft would have got its act together and that by now it's probably as secure as anything else. But when I see videos like this in 2024(!) I'm stunned at how pathetic the security still is. The rest of the world has solved these problems, and good security is now accessible to pretty much everyone...except at Redmond evidently. Thanks for this video - it's nice to get a glimpse into world of Windows' cutting edge security failures.

Excellent content.

I heard years ago that if you have a password over 14 characters then Windows uses a different hashing algorithm or something, can't really remember the details.

Not salting passwords in 2024 is wild. Not using a kdf or password specific hashing function too.

All hash functions have collisions. They have to. When more than N objects are put into N slots, there must be at least one slot with more than one object. I.e. the Pigeon Hole Problem.

i just want to say that a hash function doesn't hash a string, it hashes bytes. otherwise files could not be hashed. its even visible in ms algorithm (at 4:17): hash = md4-hash of UTF-16 LE encoded X. i know its not the most important correction, but you should be precise with stuff like that and if its simply for the understanding that a string can have different hashes even if the same hash method is used, solely because you have chosen a different character encoding.

not sure what good a niche use-case like this is; already logged in as admin on a machine is rarely an accident to someone who also has the ability to write a script to pull a hash. it's a clear demonstration of reverse engineering, with some interesting finds, but definitely impractical for the purposes of already being locked out of a bitlocker encrypted windows install.

0:20 i realy like the video tilting

ALL Hash functions WILL theoretically have collision(s) - if the bit length of the source(s) is greater than the bit length of the hash.

Huh... Interesting. Thanks for the video!

if one singular person hits that report button this video will 100% be no more

Thanks for the information!

thats very interesting, I've always wondered if it was possible to crack windows passwords but i did NOT anticipate MD4 of all things...

I have an issue with Sam module I have installed via pip install Sam but says cannot find f2tdt I didn't find a solution on the internet

The registry api does let you read the class name for the key. It's trivial to automate reading this obfuscated data. Spend an extra hour and add it to the script.

Babe wake up new Enderman upload.

Of course they care - they have alternative hash methods - but they can’t change the NTLM hashes for compatibility - but it’s a good idea to turn them off if not needed anymore

you're already running as Local System to even access those parts of the registry, so yeah ofc you can get the passwords if you're already running as the highest priv user possible. At that point you already have access to everything on the machine anyway so don't even need to get the user's passwords

Here before the video gets taken down

Well, you know what they say: "Windows security keeps only the honest people out"...

Microsoft: spends billions making next OS "safer" Some KZbinr:

Enderman: THIS VIDEO IS MADE BY PROFFESIONALS AND SOLELY FOR EDUCATIONAL PURPOSES Me: WE ALL KNOW IS ENDERMAN A PROFFESIONAL WHY DO U SAY THIS????????? Edit: I mean Enderman is a legend♥

Bing bong enderman gone

The real question here is how does one manage to get an animated wallpaper in Windows without any shady malware?

Bro has been changed the tile and thumbnail instantly After few days later of uploading this video 😅 I have been back up at this video on my channel so when KZbin has been deleted you can still see it 😂

Hi sorry if this is a noob question. if the password used is not in the massive database, acquiring the hash doesn’t mean your password can be acquired right?

Does this work if the account has a PIN or are PINs stored differently?

Thank you gru for teaching us

Remember when enderman used tlauncher? He uses prismlauncher now. how old we got 😭

cracking passwords is wild 💀💀💀💀

disclaimer, dah need save a pc with a idiot password installed on it from your little brother/friend/any family member(actual situation of many users)

bro really said: "Yeah Im not getting another strike, Im going all in on the disclaimers" 😂