1
00:00:01,370 --> 00:00:05,330
In the last video, we saw how passwords were encrypted.

2
00:00:05,810 --> 00:00:07,760
Now we'll see how to hash passwords.

3
00:00:09,170 --> 00:00:10,760
So basically, what's happening is.

4
00:00:12,160 --> 00:00:13,900
When he was able to buy his passport.

5
00:00:14,760 --> 00:00:15,120
Now.

6
00:00:16,150 --> 00:00:20,770
This password, we'll take this and then use some hash function on it.

7
00:00:22,890 --> 00:00:29,520
Now this hash function turns this password into a hash value, so this is the mechanism that we'll follow

8
00:00:29,520 --> 00:00:34,830
in hashing, it is almost impossible to build that hash back into a password.

9
00:00:36,120 --> 00:00:36,390
Why?

10
00:00:36,390 --> 00:00:42,870
Because hash functions are designed to be calculated very quickly going forwards, but almost

11
00:00:42,870 --> 00:00:44,310
impossible to go backwards.

12
00:00:44,730 --> 00:00:45,090
OK.

13
00:00:45,540 --> 00:00:50,850
So when the user tries to log in with their password, we turn that password into a hash using the hash

14
00:00:50,850 --> 00:00:53,430
function and compare the hash in our database.

15
00:00:53,820 --> 00:00:59,040
So basically, when the user registers, whenever the user registers, we will not store

16
00:00:59,040 --> 00:01:03,420
the password based order but hash that we are using.

17
00:01:04,590 --> 00:01:09,870
By getting that like that, my bank card that we get by using the hash function that we installed.

18
00:01:10,230 --> 00:01:16,470
Now when the user logs in, we'll also compare the hash when the user logs in with the hash in our

19
00:01:16,470 --> 00:01:17,070
database.

20
00:01:17,550 --> 00:01:17,910
OK.

21
00:01:18,570 --> 00:01:19,680
So that is what happens.

22
00:01:19,950 --> 00:01:24,600
And also going forward, the complexity is less and going backwards in time.

23
00:01:24,600 --> 00:01:29,790
Complexity is very that's why it is impossible to convert almost impossible, not totally impossible,

24
00:01:30,570 --> 00:01:34,410
almost impossible to convert hash functions back into the password.

25
00:01:36,000 --> 00:01:39,870
So there are not many steps, only three steps required.

26
00:01:40,230 --> 00:01:43,590
First thing, we'll be using a package called md5.

27
00:01:45,140 --> 00:01:46,250
That we'll see here.

28
00:01:49,780 --> 00:01:52,660
You can see here this is the package that we'll be using.

29
00:02:01,360 --> 00:02:05,350
You can see this: this is a JavaScript function for hashing messages with MD5.

30
00:02:06,550 --> 00:02:06,910
OK.

31
00:02:07,450 --> 00:02:09,760
How to use this md5 message?

32
00:02:10,550 --> 00:02:14,920
Are we going to show them defy request and then cancel amplify messages, filtering, bring the saw

33
00:02:15,190 --> 00:02:16,000
what it is doing?

34
00:02:16,420 --> 00:02:20,210
This is just changing this message string into a hash.

35
00:02:21,410 --> 00:02:26,210
You can go to the documentation to see how it is, how they're using it and everything so they can.

36
00:02:26,210 --> 00:02:29,180
The second step is just require and use it.

37
00:02:30,940 --> 00:02:31,610
Require.

38
00:02:32,110 --> 00:02:33,270
And use it.

39
00:02:35,090 --> 00:02:40,970
The third step is we have to remove the mongoose-encryption and plugin from the user schema.

40
00:02:42,070 --> 00:02:43,300
So as you can see here.

41
00:02:44,500 --> 00:02:51,820
When we are using the database encryption and using plugins and some user schemes that we have to remove,

42
00:02:51,820 --> 00:02:55,180
basically the previous encryption we have proven at this level of encryption.

43
00:02:55,810 --> 00:03:00,580
So yeah, so basically this is the two things that we have for posting define them before it was to

44
00:03:00,580 --> 00:03:06,970
require them to fail, requiring you have to continuously install it and after requesting it whenever

45
00:03:06,970 --> 00:03:13,420
the user types a password, we'll get that password by getting rid of this thing, a request or monitored

46
00:03:13,420 --> 00:03:14,470
by a password.

47
00:03:14,830 --> 00:03:16,750
This is basically body-parser, if you remember.

48
00:03:18,170 --> 00:03:19,880
And then this will save in the database.

49
00:03:21,310 --> 00:03:26,670
So this is brought up by using the same method that is used to accept functional dysfunction, you will

50
00:03:26,680 --> 00:03:28,240
use and then save it in the database.

51
00:03:29,450 --> 00:03:31,340
So that is all punching that short.

52
00:03:32,460 --> 00:03:33,450
But before that.

53
00:03:34,390 --> 00:03:37,390
Before finishing this, there is again a disadvantage of this.

54
00:03:37,990 --> 00:03:39,700
So basically, this is how it works.

55
00:03:40,120 --> 00:03:41,720
There will be a new encryption.

56
00:03:42,010 --> 00:03:47,500
There'll be a new security mechanism that will be introduced and then that will have some loopholes.

57
00:03:47,500 --> 00:03:52,900
And again, they will improvise it and then get some other mechanisms and tools like that.

58
00:03:53,770 --> 00:03:58,540
So basically, there is a thing called a dictionary attack.

59
00:03:59,200 --> 00:04:00,550
So what is a dictionary attack?

60
00:04:01,530 --> 00:04:09,270
Creating hashes from all the possible words in a dictionary, and that will be around 15 one lakh 50

61
00:04:09,270 --> 00:04:11,100
thousand hashes that you need to create.

62
00:04:12,240 --> 00:04:15,870
And also adding all the numbers from telephone book backwards.

63
00:04:16,530 --> 00:04:19,710
Plus all the combinations of characters up to six places.

64
00:04:20,370 --> 00:04:24,240
Sum total value of that will be nineteen point eight billion.

65
00:04:24,990 --> 00:04:28,170
OK, so dearly beloved nineteen point eight billion words.

66
00:04:28,170 --> 00:04:34,590
And then how to calculate that if some if it is possible to transfer them into the hashes and stored

67
00:04:34,590 --> 00:04:37,320
in a database, then we can basically compare.

68
00:04:37,330 --> 00:04:42,480
If we have access to some server's database, we can just compare the hashes that are present inside

69
00:04:42,480 --> 00:04:46,860
that server database best to the hashes that we produce using that dictionary attack.

70
00:04:48,240 --> 00:04:55,220
So using the latest GPUs or graphics cards, which are capable of parallel processing and therefore

71
00:04:55,220 --> 00:05:00,300
are particularly suited for bitcoin mining also generate hashes.

72
00:05:00,630 --> 00:05:06,720
So with these latest GPUs that are used for parallel mining and bitcoin mining and everything, they

73
00:05:06,720 --> 00:05:08,250
can be used to generate these hashes.

74
00:05:08,790 --> 00:05:13,710
And you know one thing: it can calculate 20 billion MD5 hashes per second.

75
00:05:13,860 --> 00:05:15,620
I'm talking about MD5 hashes.

76
00:05:16,200 --> 00:05:17,120
So this is it.

77
00:05:17,430 --> 00:05:23,010
As I said, you will use some hash function so that I'm different, meaning this is a function.

78
00:05:23,820 --> 00:05:28,380
So with this function, we can basically calculate 20 billion MD5 hashes per second.

79
00:05:28,890 --> 00:05:35,790
Therefore, there are pre-built hash tables that people created for the top 10000 most common passwords.

80
00:05:36,570 --> 00:05:43,590
So if sometimes you like just give some random like, you know, simple password, we be not coming

81
00:05:43,590 --> 00:05:44,310
from the Google.com.

82
00:05:44,310 --> 00:05:46,740
This password is very risky pastebinit.

83
00:05:47,130 --> 00:05:50,360
For example, most common passwords are one two three four five six seven eight.

84
00:05:50,770 --> 00:05:54,000
Awkward, QWERTY, the first six letters.

85
00:05:54,780 --> 00:05:55,140
OK.

86
00:05:56,160 --> 00:05:56,790
Hello, world.

87
00:05:56,790 --> 00:05:57,510
Welcome.

88
00:05:57,510 --> 00:05:58,230
Good morning.

89
00:05:58,320 --> 00:05:59,700
Your names, phone numbers.

90
00:06:00,420 --> 00:06:01,920
All these are general passwords.

91
00:06:03,320 --> 00:06:06,830
So these are the these people passwords.

92
00:06:07,010 --> 00:06:10,700
There are some 10000 most common passwords that all the tables created.

93
00:06:11,390 --> 00:06:15,410
So whenever they want to have some password, they basically.

94
00:06:16,610 --> 00:06:21,800
You know, they will run through this table, and if it is present, then they will simply get access, or

95
00:06:21,980 --> 00:06:27,350
they'll create some other new, they'll try some different things by using the dictionary attack and

96
00:06:27,350 --> 00:06:28,160
they will crack it.

97
00:06:28,910 --> 00:06:34,400
So one thing you have to remember is the length of the password increases the computation time that

98
00:06:34,400 --> 00:06:35,450
it takes to crack.

99
00:06:35,450 --> 00:06:37,010
It increases exponentially.

100
00:06:37,700 --> 00:06:39,970
So the lengthier the password is, the better.

101
00:06:40,100 --> 00:06:42,290
This is a tip for you whenever you are creating passwords.

102
00:06:43,370 --> 00:06:47,330
So this is all they can do this dictionary attack by using everything.

103
00:06:47,660 --> 00:06:51,930
That is why for the hashing, we don't do MD5, we use bcrypt.

104
00:06:51,980 --> 00:06:53,900
This is another package of npm.

105
00:06:54,350 --> 00:06:54,910
Here it is.

106
00:06:54,920 --> 00:06:56,870
There are some advantages and disadvantages.

107
00:06:56,900 --> 00:07:00,470
Also, there is also a new technique called salting, adding added.

108
00:07:00,470 --> 00:07:05,690
In the next week or so we'll basically see the level four, that is salting and hashing passwords with

109
00:07:05,690 --> 00:07:06,860
bcrypt in the next week.

110
00:07:07,220 --> 00:07:08,480
That's all from the studio.

111
00:07:08,510 --> 00:07:08,930
Thank you.
