CS50 Cybersecurity - Lecture 1 - Securing Data

  • Published Oct 3, 2024

COMMENTS • 81

  • @leksandradubovik6291 5 months ago +26

    Damn. I watched CS50 with younger David when I began Bachelor in Cybersecurity. Now I am writing my masters and still watching CS50. This quality of teaching will never bore me!

    • @HackZAW 1 day ago

      he's still young

  • @avadhpatel8100 1 year ago +89

    They are changing the game with the high quality and easy to understand courses

  • @bidyashankarojha_5105 11 months ago +37

    Being a Harvard student, I can assure u all that quality and purity of knowledge is fabulous both online and offline

  • @abstraction6266 1 year ago +14

    Wow! What a great lecture full of details. With CS50, I am starting or already started to love computer science more than ever. Thanks a lot for the CS50 team. Much appreciation!

  • @cn1doblast 2 months ago +2

    "Alllright...THIS is CS50!..." always makes me goosebumps.

  • @leksandradubovik6291 4 months ago +1

    Explaining Quantum Cryptography in just 3 Minutes, what a genius! Even my non-IT friendly friends were really interested to listen to this

  • @victorcousin8059 1 year ago +9

    This CS50 is just the best

  • @aliben123 1 year ago +10

    I love CS50

  • @SA_GAMER1515 5 months ago +1

    Thanks for giving free access on YouTube and edX platform

  • @jeimohwash-ke1rn 10 months ago +6

    Wow, I started cyber security with lesson 0 of this and I was able to decode the statement OR FHER... using a simple C program to be sure to drink..... I mean, it's actually of great help, I mostly love the teacher.

    • @jeimohwash-ke1rn 10 months ago

      I actually did it myself before he asked us to do so😚😚

  • @leocrypto976 1 year ago +7

    How good are these courses to provide you the basis of a subject in an understandable way. Thank you!

  • @MahmoodHasand3 1 year ago +3

    Amazing it’s what I have been waiting for

  • @Justin.254 11 months ago +3

    My dream is to know what makes me active, and cs50 is one

  • @VazzyCow 2 months ago +4

    Did I just get rick-rolled?

    • @MOKAZIQ 1 month ago

      big fan

    • @MOKAZIQ 1 month ago

      I JUST REALIZED WHILE WATCHING AGAIN FOR TAKING NOTES LMFAO

  • @EsquireR 1 month ago

    Cryptography is actually the trickiest thing to wrap my mind around, like multiple keys for locking/unlocking publicity/privacy...

    • @MOKAZIQ 1 month ago

      realllll 😭

  • @UniHab 5 months ago

    Thank you @David

  • @_..Deepanshu.Singh_ 11 months ago +1

    Thank you

  • @Ewakaa 4 months ago

    I thought the salt will preferably be the row number
    Love how he respects Hackers

  • @dreamleaf6784 5 months ago

    Ok. Thanks, I have upgraded my cyber security game.

  • @ChristopherBruns-o7o 1 month ago

    31:31 WHAT if it uses auto completions and cache to check for autocompletion and if true enumerates this? Also sso and a sys admin resetting the pass and with permission has a preferred pass set could send from here; Especially with prompted to change passwd. Probably more of an IntraNet feature perhaps but i don't think makes the company poorly.
    38:38 this means that if the adversary can go through bucket would know how many sets of hashes each bucket has and from 100 out of 10 groups only has 8 unique hashes?
    55:46 is this why chatgpt hallucinates and how image generations are trained?
    58:19 can't you just make the password filter and user account control to alarm when censored.
    59:13 but do the mathematician discuss the salt and matching pairs variable?
    1:02:03 but with ai now human longevity could be a declaration. Especially touch @1:08:@22 if RSA is secure.
    1:11:59 26 might throw zerodivision error? since ///// mod is false ** mod != mod / True
    1:15:23 But rotational cipher would be the correct choice since at this layer you either decrypted the hash thus far or have abstraction scoped.
    1:15:30 You mean that there are ascii and hex2dec similar that nuance salt:hashing pair values.
    1:18:19 an unescaped, escaped reference to string literal symbol || ```PS2
    1:51:59 dude is there a course for reversing Ransomware:@CS50:?

  • @yiannisserpico2646 7 months ago

    A. If salt value is chosen by moment on time, is there still a possibility any salting value be same as another one? Since any time moment is never same as another one. I believe if hashing function has in it a moment time variable, then it is impossible two or more salting values be the same. But, again, my assumption is based on the fact that hashing function has time variable (is based on time moments). B. 37:20 Are you referring to hash tables? Thank you professor.

    • @AlessandraHudson 3 months ago

      Yes, there salt values are not meant to be unique.

  • @yigitturedi3511 1 year ago

    yes, finally

  • @majlindhoxha4713 11 months ago +3

    did he just rick roll us at 1:41:43

    • @bambimbambas 10 months ago +1

      He did indeed)
      That makes it so funny that this "binary" rick-roll's face is there for so long

  • @sreesysadm 25 days ago

    Is the hash function same for both customer(us) and the adversary??

  • @aleksandardimov897 8 months ago

    In regards to the salting technique, given that a username on a website must be unique, isn’t it better to use that as salt, in order to guarantee that there will be no two equal hash values stored in the database? With the addition that to really guarantee uniqueness of the hash value its fixed-length must be of the same length as the max allowed length of the username and password combined.

    • @davidjmalan 8 months ago +1

      A good question! See security.stackexchange.com/a/69456 !

    • @aleksandardimov897 8 months ago +2

      Thanks for sharing! Helped me to find some really insightful discussions on the topic.
      Using usernames as salt indeed introduces some vulnerabilities, such as the creation of rainbow tables for the most commonly used usernames.

    • @AlessandraHudson 3 months ago

      @@aleksandardimov897 thanks for summarizing the answer!

  • @yiannisserpico2646 8 months ago

    On salting method, why do the output characters include salting value? Why is it necessary? b. If hashing function takes for two password+salting (same password but two different salting), the output will normally be different without being necessary to have on beginning of two outputs the salting value, unless on software code it is fixed, but I do not find a reason why. Thank you!

    • @TheMediinaa 7 months ago

      I think he did that in order to illustrate the concept... in a real world scenario salting is usually implemented by concatenating a random salt to the string BEFORE being hashed, which does make a bit more sense right.

    • @yiannisserpico2646 7 months ago

      @@TheMediinaa Thanks for reply. After the investigation I made all these days, I found that salting value is placed there because server needs it in order to complete hashing. Server must find somewhere salting value, and waiting user to enter password, then server hash both salt+password to complete hashing. Salting value may be placed anywhere. At the beginning (as illustrated), maybe at the end of hashing, or even as a separate record in hashing database. But somewhere, because server needs it in order to complete hashing after password is entered by user. It's what student asks, and teacher answers/analyses with the example after this question.

    • @TheMediinaa 7 months ago

      @@yiannisserpico2646 interesting, i think that makes sense.
      Would be nice to hear from professor David himself though haha
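
Added example (not part of the video or of any comment above): the two salting threads above, one asking whether the username should be the salt and one asking why the stored value carries the salt, can be checked with a short Python sketch. The `salt$hash` record layout, PBKDF2-SHA256 and the iteration count are assumptions chosen for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(password, salt=None):
    """Return 'salt_hex$hash_hex'. The salt is not secret and is stored with the hash."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password, record):
    """Re-hash the login attempt with the salt read back from the stored record."""
    salt_hex, digest_hex = record.split("$")
    attempt = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(attempt.hex(), digest_hex)


def swap_salt(record, other):
    """Pair this record's digest with another record's salt (a server using the wrong salt)."""
    return other.split("$")[0] + "$" + record.split("$")[1]


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = make_record("hunter2")
    bob = make_record("hunter2")
    print("same password, different records:", alice != bob)
    print("correct password verifies:", verify("hunter2", alice))
    print("wrong salt fails:", verify("hunter2", swap_salt(alice, bob)))
    # Username as salt: the same username and password on two sites give the
    # same record, so a table precomputed for a common username is reusable.
    site_a = make_record("hunter2", salt=b"admin")
    site_b = make_record("hunter2", salt=b"admin")
    print("username salt repeats across sites:", site_a == site_b)
```
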

  • @rafsan229 11 months ago

    rockstar is such a big company with obvious sheer cyber security..then how an adversary succeeded in obtaining crucial data from gta 6

  • @yiannisserpico2646 6 months ago

    Sir, where is the hashing function being stored? I guess somewhere on the server. Isn't there a possibility/danger for a hacker to find it there? Unless it is not stored on servers. But if not, where? Thank you!

    • @AlessandraHudson 3 months ago +1

      The hashing functions are actually basically public, because typically companies use well-established hashing functions that are known to be very well implemented. But the hashing process is not easily reversible. Just because you know how to get from "password" to "hash value" (because you have the hashing function), it doesn't mean you'll know how to get from "hash value" to "password". It's crucial for these hashing functions to be a one-way street.

  • @forheuristiclifeksh7836 9 months ago +1

    12:00

  • @Archliked 21 days ago

    1. SA ✅

  • @saiadwith4693 7 months ago +1

    I didn't understand rainbow tables, can anyone explain?

    • @s.s.haswanthselvan7064 6 months ago +1

      To be simple, it's a table that the hacker uses as a dictionary for smaller hash values, but they're quite expensive to create them for longer hash strings

  • @TheMediinaa 11 months ago

    Any tips on the cheeky cipher in the second assessment? Hahah it was too hard for me, but the curiosity is killing me

    • @matiasjaeger 10 months ago +1

      I'm so lost with that one hahahaha

  • @knowislamproject 1 year ago +1

    October 1, 2023

  • @CafeAlCognac 2 months ago

    47:43

  • @tonyhany2021 3 months ago

    I think I can guess private key if I get public key, this right?

  • @moltyfoam4168 10 months ago

    If my public key can decrypt the message or value I send on the server and since the key is available to almost everyone doesn't that make me vulnerable to an attack?? I don't get it

    • @tyro7428 10 months ago

      That’s kinda the whole thing. It’s only a matter of time and risk. Cryptography 101 no? I haven’t even watched this yet, debating if it’s worth it

    • @AlessandraHudson 3 months ago

      No, the public key is only used for encryption, not decryption. If you (A) send B a message encrypted using B's public key, then B will use their own private key to decrypt the encrypted message you sent.
      In case you were instead talking about digital signatures: in that context, yes, the public key *is* used to decrypt. But in that context, the message (called "challenge" here) is not supposed to be kept secret. In that context, the goal is simply to verify that you possess a private key that has a mathematical relationship to your public key such as that when decrypting (through your public key) the encrypted challenge that was sent to you (encrypted by you using your private key), the result will be the original unencrypted challenge.

  • @napukapu 11 months ago

    You pulled out a glass and water prop skit to explain variables in CS50, but no metaphor to explain RSA or DHE? Really?
    DHE was the perfect opportunity to pull out water colors or paints or something.

  • @atius866 6 months ago +1

    1:41:34 Rick Roll again

  • @banana_marley 4 months ago

    Part of deletion has a rick roll

  • @yt_brij 10 months ago

    W

  • @anmolgurung8901 2 months ago

    We got rick rossed just saying

  • @kalei91 1 year ago +5

    Man, the questions asked are so absurd, it's like they aren't even listening, I'm half way in and there's been the third consecutive question about reversing hashes. It's been explained over and over that it's irreversible, but they are unable to understand it.
    It's actually quite fascinating.

    • @blutube9916 1 year ago +16

      This is a beginner level course, with people from all kind of backgrounds/ with different technical levels. For some, these ideas are very new, and might be hard to understand. The idea is to bring everyone up to speed, even if it seems overly simple/repetitive to some.

    • @kalei91 1 year ago +2

      @@blutube9916 sure, but the same question was asked over and over. He already explained that hashes cannot be reversed, there's no way to do that, and what does the next person ask? "But if I know the algorithm then I can reverse it, right?". This is an intelligence problem, they cannot learn, they are incapable.

    • @会供価 1 year ago +10

      @@kalei91 hmm maybe you should be at Harvard instead 😂

    • @longbranch4493 1 year ago +4

      @@kalei91 maybe exactly these questions were shown to make us, the viewers, feel smarter than we actually are? And make us more self confident. Haha.
      If serious, maybe they asked the same questions but in different forms because they doubted or didn't believe what they heard. Since hash functions don't require keys but only an input value it feels like you have everything you need to reverse the process by doing all operations in reverse order. On the other hand, Mr. Malan provided a good example when your hash function returns only the first letter of a word so lots of words will have the same hash. But I think irreversibility becomes really clear when you learn that the modulus operator is used in hashing.
      UPD: Actually, I thought about it again after posting the comment and I think that Mr. Malan's example with a single letter is right on point. Since probably not every hash function uses the modulus operator, his example expresses the same idea, but more generally.

    • @mimi-jm1yc 1 year ago +11

      They are unable to understand it because it hasn’t been explained to them. They've merely gotten information that that is the way it is and curious minds question things and apply their current knowledge with what they are being told. To someone that is new to cryptography it is counter intuitive that there are mathematical processes that are not reversible, when what you’ve been taught at school clearly would be reversible. To go out of your way and claim that this is some sort of intelligence problem is not just disrespectful but also wrong. They have the courage to ask a professor in front of a large audience instead of just nodding along even though they didn’t understand. I don’t understand what is so „fascinating“ about that…

  • @iihhyu77 4 months ago

    did we get rick rolled ?

  • @napukapu 11 months ago +1

    All the students are Indian