De-hashing is impossible mathematically, that is why it is safe.
Hashing uses functions that can't be inverted, so when u use the first parameter that is the actual pass and the second parameter that is the same pass just hashed, it grabs the first parameter, hashes it and compares it to the second parameter, and if that is true it returns "1". That is how I think password_verify() works, since hashing is not an invertible function.
BTW still the greatest PHP tutorials on youtube.
You are absolutely right :) I explained the process wrong in this video.
Nice 😊
But how come the password_hash() gives different outputs for the exact same input?
It's not the same as using a sha1() function and then manually comparing it with the input.. Which is better? and why?
@MrNsaysHi For security dear, if he can't give different in any second, hacker can have solution to hack
@malloumjr But isn't hashing a one way function that always gives the same output for the same input?
I have been watching the series so far and I learned a lot since. Thank you for doing such well done tutorial and putting it on the web for free. Technology is powerful and its effectiveness is enhanced by people like you sir.
literally the best video out there explaining hash and dehash without spending more than 10 minutes
this is the best channel for learning front end and back end thank you for this
This is an amazingly simple, informative and pleasurable video to watch, thanks for making it so well!
Active channel making php tutorials? Unheard of - and awesome
Your tutorials are very good and simple to understand thank you very much
You are the best man. I suggest to make some project using all you learned to us such as inventory website or something like that. It will help us a lot and you can make it payable and will buy it.
I understand every word you said in HTML/CSS curse, PHP and OOP PHP.
Please make it free..
in HTML/CSS *"CURSE"*
Completely worth to buy! Please make some project tutorials!!!
THANKS HARITH FOR SHARING
simple and easy. Thanks bro
Thanks! Used your video to learn how to do test assignment.
Hi Daniel, your teaching is amazing. Have you considered creating one lengthy tutorial that we can purchase on Udemy?
Very helpful video. Thank you!
Thanks now i understand how to use this hash 😁
You don't mean that you can actually DE-hash a hashed string right? If a hash can be de-hashed, it's not a hash anymore.
I'd recommend watching the video to the end.
No, it doesn't dehash it at all. There's a "salt" at the beginning of the gibberish marked with two dollar marks. It’s used on original hash (rest of the string) for making it more complex and random. Password_verify() uses that same salt for hashing now inputted password and combines it to hash picked from database, and if this matches - password was correct.
I really appreciate your great help. Thank you really much!
i have questions:
1. so basically when i Password_Hash the first input i have, it will encrypt the text....but whatever i input there (ex: Test123) it IS STILL "Test123"? just being randomized when you echo it?
2. is Password_Verify() similar to If and AND comparison statement but it will decipher first the encrypted password?
like in If statement, you are trying to compare it like:
if($input == $hashedPwdInDb){ echo "1";}
but unlike a regular If Statement, it has the function to decipher the hashed password then compare it to the $input?
i hope i worded this correct. sorry english wasn't my first language. great tutorial!
How can we apply hash when the quantum computer will be finished? So can we assume, that the password hashing will be only a temporary method of protection? Am I right if I say that a good method of protection, in this case, is to limit attempts to log in up to 3 times an hour to avoid brute force?
HELLO SIR..
I M ASP.NET C# DEVELOPER. I LOVE UR TEACHING STYLE N CLEARLY I GET UR ALL PHP LECTURES. THANK YOU SOO MUCH FOR UR EFFORTS
PLZ UPLOAD THE 41 42 VIDEOS IN THIS SERIES... :)
Hi Dani, thank you very much for all those tutorials! In regards to passwords, what is your opinion about salting passwords? I was told that certain companies add it to hashed passwords. Do you think it would be good idea? and if so... do you have a tutorial for it by any chance?
Is it better to use BCRYPT or PASSWORD_DEFAULT?
learned a lot from this video.
Thank you very much for your videos!!!
*Will you pls reply to tell which is the **_BEST_** and **_SAFEST_** method of hashing passwords? BCrypt, Hashing It Two Times, S256, etc.?*
No just use BCrypt once :) BCrypt is automatically updated if it becomes outdated, so it will always be safe.
Tnx bro
Thank you, this helped me a lot.
thanks so much
thanks so much
Hello, your channel is fantastic. Did you know how many php classes you have?
Hello Daniel! Can I ask you a quick question? What color syntax/theme you're using? Thanks for the answer and for the great tutorial!
You are wonderful for me. I'm trying to make our website with better login and more. All in PHP and mysqli.
Your lessons are very helpful. (I'm 60 years old now. First I did this all in Dreamweaver.)
grtGrrt
hey hi dani the link you have given in your description is showing the video is private
I don't think password_verify actually dehashes, instead it hashes the input and uses an algorithm to see if it corresponds to the given hash (giving all the necessary like salt and cost)
each time you hash something it's always different, so how would the password_verify function know in which exact way to hash the inputted password then?
it's not always different, for example, MD5 you see when you download a file, if you MD5 that file, you will get the MD5 result, otherwise it's pointless. say SHA256("nihao") will always yield the same result.
Actually it is never different. From Wikipedia: "A hash procedure must be deterministic-meaning that for a given input value it must always generate the same hash value"
a function with the same input can not produce more than one output else it is not a function at least i think i learned that on a calculus class.
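The question in this thread (how password_verify() knows how to hash the input when password_hash() output differs every time), as an added example that is not from the video or from any commenter: the stored bcrypt string carries its own variant, cost and salt, and verification re-hashes the candidate with those values. `describeBcrypt()` and `verifyByRehashing()` are hypothetical helper names, and the password is a constructed sample.

```php
<?php
// Added example: what password_verify() does with a bcrypt hash.
// The password below is a constructed sample value.

// Split a bcrypt string into the fields stored inside it.
// Layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>, 60 chars in total.
function describeBcrypt(string $hash): array
{
    $pattern = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Hypothetical helper: re-hash the candidate with the parameters read from the
// stored string, then compare. crypt() takes algorithm, cost and salt from its
// second argument; nothing is ever "de-hashed".
function verifyByRehashing(string $candidate, string $storedHash): bool
{
    $recomputed = crypt($candidate, $storedHash);
    return hash_equals($storedHash, $recomputed); // constant-time comparison
}

$password = 'Test123';

// Same input twice: each call draws a fresh random salt, so the strings differ.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

$a = describeBcrypt($hashA);
$b = describeBcrypt($hashB);

printf("hash A: %s\nhash B: %s\n", $hashA, $hashB);
printf("same string?        %s\n", var_export($hashA === $hashB, true));
printf("same salt?          %s\n", var_export($a['salt'] === $b['salt'], true));
printf("cost A / cost B:    %d / %d\n", $a['cost'], $b['cost']);

// Both stored strings accept the right password and reject a wrong one.
foreach ([$hashA, $hashB] as $stored) {
    printf("re-hash matches:    %s\n", var_export(verifyByRehashing($password, $stored), true));
    printf("password_verify():  %s\n", var_export(password_verify($password, $stored), true));
    printf("wrong password:     %s\n", var_export(password_verify('test123', $stored), true));
}
```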
very informative, Thanks :)
Is it also safe to hash a password with sha512? And then for comparing them, instead of dehashing you hash the input and compare them with the database. Love this method as well tho :D
Nope, that is definitely not safe! Whenever a hacker steals the hashed passwords from your database, he can dehash it (with lookup tables) and get the full password from that one user.
Bcrypt adds a randomized 'salt' to it so that it is (almost) impossible for the hacker to retrieve the original value.
So, don't just hash passwords with sha or md5 and store them in a database.
For example, hash a password with sha512. Copy the value and paste it in the text area at this site: crackstation.net/
For simple passwords, you can get the value back. More complex passwords, however, may not be found.
what if you hash it like 3 times? using sha512, so you are hashing a hash?
King Otten you can, doesn't make it more secure. Can still be looked up in a rainbow table, hence why the salting process in bcrypt
name is absolutely right here. You should not use either md5, sha256 or sha512, since hackers figured out how to solve these algorithms a long time ago. That's why bcrypt is so awesome, because if hackers somehow (which is very unlikely) figure out how to bypass it, then bcrypt will just get updated and yet again be safe to continue using.
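For the sha512 thread above, an added example (not from the video or from any commenter) that puts unsalted SHA-512 beside `password_hash()` for users who share a password, and shows how a stored bcrypt hash moves to stronger parameters in practice: by re-hashing at a successful login. The user names, passwords, cost values and the `loginAndUpgrade()` helper are assumptions made for the illustration.

```php
<?php
// Added example. Users, passwords and cost values are constructed samples.
$users = ['alice' => 'Test123', 'bob' => 'Test123', 'carol' => 'correct horse'];

// Unsalted SHA-512: one digest per password, shared by every user who chose it,
// so a single precomputed-table hit exposes all of those accounts at once.
function unsaltedDigests(array $users): array
{
    return array_map(function (string $pw): string {
        return hash('sha512', $pw);
    }, $users);
}

// bcrypt via password_hash(): a fresh salt per call, so equal passwords still differ.
function bcryptHashes(array $users, int $cost): array
{
    return array_map(function (string $pw) use ($cost): string {
        return password_hash($pw, PASSWORD_BCRYPT, ['cost' => $cost]);
    }, $users);
}

// Hypothetical login helper: verify, then re-hash if the stored hash's
// parameters differ from the current policy. Returns [ok, hashToStore].
function loginAndUpgrade(string $candidate, string $stored, int $policyCost): array
{
    if (!password_verify($candidate, $stored)) {
        return [false, $stored];
    }
    $options = ['cost' => $policyCost];
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        // Only possible here, while the plaintext is in hand after a correct login.
        $stored = password_hash($candidate, PASSWORD_BCRYPT, $options);
    }
    return [true, $stored];
}

$sha = unsaltedDigests($users);
$bc  = bcryptHashes($users, 10);

printf("sha512 alice == bob:  %s\n", var_export($sha['alice'] === $sha['bob'], true));
printf("bcrypt alice == bob:  %s\n", var_export($bc['alice'] === $bc['bob'], true));

// Policy raised from cost 10 to 12: the stored hash changes only at a successful login.
[$ok, $new] = loginAndUpgrade('Test123', $bc['alice'], 12);
printf(
    "login ok: %s, cost before: %d, cost after: %d\n",
    var_export($ok, true),
    password_get_info($bc['alice'])['options']['cost'],
    password_get_info($new)['options']['cost']
);

// A failed login leaves the stored hash untouched.
[$ok, $same] = loginAndUpgrade('wrong', $bc['bob'], 12);
printf(
    "wrong password ok: %s, hash unchanged: %s\n",
    var_export($ok, true),
    var_export($same === $bc['bob'], true)
);
```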
When is the link to the login system tutorial? The link is not working for me?
super cool!!
So what is password_verify really doing? Could you test password_hash(input) with passwordinDb with an if statement?
Can't find no.41 and 42 , are they missing?
ua-cam.com/play/PL0eyrZgxdwhwBToawjm9faF1ixePexft-.html
Please make a tutorial on how to create a contact form using php
Marshal Hembram I already did ;)
Kindly provide the link please :)
Superb
I forgot to ask.. do you still need to salt the password? I read somewhere that you still have to
Great tutorial :) I'd just like to ask how can I use that encrypted password to send email in PHPMailer? Thank you.
is this updated video? cuz, last time i checked is different from this one pls explain which parts you updated?
This video is updated and the most recent version of data hashing.
If two different users create the same user name and password, how does the correct user get verified when logging in? You said two different hashes would be produced when the user registers. Is there a magic trick to determine the correct user to validate?
Don't allow duplicate user names when accounts are created. ;)
I don't think that you can get someone to enter a password and then check it in the database? I think once you hash the new password, it will always be different from the database and won't work...
are you uploading again videos that you posted in 2015?
Can I ask where is the full version of Login system tutorial? I remember you had it before in the tutorial.
yap..link isn't working. Would be useful to see hashing in action
It's been set to private. Probably the creator was catching a lot of heat for making it procedural instead of object-oriented? I dunno. Maybe he wants to monetize it?
@Venezuelangel no it's just on another channel @ZbII
Please Dani, can you help me? Code not work with me. I am using Atom.
5:45 dehash
How can I hash with AES 256 bit encryption? Or is bCrypt already that strong?
That doesn't work in my case. When I copy the hash and paste it into a variable, the verify method returns an invalid password 😢
OMG it worked but sequence is "This video is private".
ua-cam.com/video/LC9GaXkdxF8/v-deo.html
what is type of String after hashing (String , int or byte) ????
Guys, I am a little confused ( : What is the difference between hashing, real_escape function and prepared statements?
video on link is not available bro
How did you get that index.php file in the first place
what about random salt?
The 43rd video is private...how can i get it pleas?
Hey, video 44 is private, is this ok?
Please the password hash did not work when i type it, any help plz
I'm getting an error that says 'call to undefined function password_hash()'. Idk why, I did exactly what you do, any thoughts about it?
Edit: I'm using 1.8.2 version of xampp and 5.4.22 Php Version, does it affect my program?
Yes, you should definitely upgrade. A lot of changes were made since then. PHP is all the way at 7.0+ in its version now. It should fix your undefined error.
@Dani_Krossing yep thank you very much. That's exactly what I did, coz back on your tutorial I saw the version of your Xampp was compiled on 2015 while mine is 2013, didn't notice that I was using an old version of xampp hehe, Thank you sir, I'm almost finished with this tutorial, have a good day.
link is broken
is it possible decode password hash
You made the login video private so I can't view it.
respected sir, i get a lot of knowledge from your lessons: now i have a problem, when i practice of password_hash function i receive this error message in chrome browser: {{{{{{Fatal error: Call to undefined function PASSWORD_HASH}}}} kindly help me.
good
This is lesson 43.. how can I get from lesson 1 to the end.. please 😭
Me it's always saying login=error in the url help how can it fix?
You talk way too fast as if the words are stitched together. Still, I thank you for these free tutorial videos.
You can turn on the subtitle and change the playback speed to 0.75. That should make it clearer for you
Link to login-Tutorial isn't working
44: video on pvt whyyyyyyyy came so far
ua-cam.com/video/LC9GaXkdxF8/v-deo.html
it does not work when stored in database
Suppose i have to store chat messages in my database in a secure and hashed format how can I dehash those text messages whenever it is displayed back to the user??
Can someone tell me a better way to encrypt text messages in php and MySQL database
You'll have to encrypt them instead of hash them. Encrypt means it uses a key and so they can be decrypted. It's less safe than hashing of course because if someone gets hold of the key then they can access everything.
42 is miss bro.
Sir is there any chance to view the normal password in phpMyAdmin coz i don't know to view the normal password in database. It will be hard especially when I forgot the password :( thanks in advance sir
No that would defeat the purpose of hashing it hehe. The point is that we SHOULD NOT be able to see the password in the database in case a hacker gains access.
So about this Login system tutorial (link starts at hashing part): ua-cam.com/video/xb8aad4MRx8/v-deo.htmlm42s - the movie is private, will this be available?
so how do i hash the username with the same method like with the password?
method is the same but why would you hash the username? Username is public in most scenarios
can you make a video on how to create a sub-domain dynamically through PHP i have done the same it is creating domain too but in root folder it is creating problem
following is the code
but in root folder it is not creating the folder of same name as entered by user, it is creating folder named as '$domain.example.in'.
Please help
Thanks in advance.
link does not work!!!
Yes it does!
The login video in the description of this video is broken T_T
ua-cam.com/video/LC9GaXkdxF8/v-deo.html
Great tutorial, but next please talk slow, cause some of your words are unhearable.
The title is rather misleading. You don't "de-hash" with password_verify()
2:00
Password verify always returning false
I thought the whole point of hashing was you can never "de-hash" it? You can only re-hash new information and compare with the saved/old hash... I thought it was encryption and decryption where you could get the information back
Connor Gaunt it doesn't. It just hashes the password with the same salt and compares it to the one given.
I tried to crack the password. Did it in 3 seconds
How
when I am logging in it takes any password and logs me in
This Video is Private
kkkkkkk
You talk funny
PAYWALLED Correct way ??? BS... YouTube money isn't enough for you? You really need to fish for a buck a month on Patreon?
Stop using the term "DE-HASH". It is invalid. You can't DE-HASH.