Password Attacks - SY0-601 CompTIA Security+ : 1.2

  • Published 2 Jun 2024
  • Security+ Training Course Index: professormesser.link/sy0601
    Professor Messer’s Course Notes: professormesser.link/601cn
    Professor Messer's Practice Exams: professormesser.link/601ytpe
    Discount Exam Vouchers: professormesser.com/vouchers/
    Professor Messer Recommended Study Materials: professormesser.link/601rs
    - - - - -
    There are many different techniques that the attackers can use to find your password. In this video, you’ll learn about spraying attacks, brute force attacks, hashing, dictionary attacks, rainbow tables, salt, and more.
    - - - - -
    Subscribe to get the latest videos: professormesser.link/yt
    Calendar of live events: professormesser.com/calendar/
    Frequently Asked Questions: professormesser.link/faq
    FOLLOW PROFESSOR MESSER:
    Professor Messer website: professormesser.com/
    Discord chat: professormessermesser.com/dis...
    Twitter: professormesser.com/twitter
    Facebook: professormesser.com/facebook
    Instagram: professormesser.com/instagram
    LinkedIn: professormesser.com/linkedin
  • Science & Technology

COMMENTS • 64

  • @nuchemweinstock9978 2 years ago +120

    Actual story: a user came to me with a Tablet with a pattern password, he told me that he forgot the password, I performed a Google search for the most common pattern passwords, and guess what, the 6th password I tried was the correct one...

  • @thereaper1766 2 years ago +145

    Another incredible video. Just passed the exam and absolutely this video is important. Make sure to watch the whole thing!

    • @thatonedudemike3259 2 years ago +3

      Congrats!

    • @okegs4real 2 years ago +3

      Congrats. Were you able to secure a job?

    • @thereaper1766 2 years ago +5

      @@okegs4real Yes absolutely. I was taking this exam to meet the requirements for a job.

    • @okegs4real 2 years ago +2

      @@thereaper1766 what is pay range for cybersec beginner jobs? Did you already have IT experience? I'm completely new to this field, no IT experience

    • @thereaper1766 2 years ago +7

      @@okegs4real I actually needed this for a Software Developer position. I had a little IT experience but mostly programming. Also I think pay is VERY regional because it fluctuates a lot based on location.

  • @Spartan045G 1 year ago +8

    God, I started watching your videos years ago and I love how you still use Stargate names for things. Funny how when I started I was going into a job for a help desk position, and now I'm a SysAdmin.

  • @ecuadoriano2 1 year ago +14

    "Rainbow Tables won't work with Salted Hashes"
    U da man, prof Messer
    Got my A+/Net+, thanks to ur videos, now on to Security+
    Happy New Year

    • @sorakhar 3 days ago

      imagine saying that phrase to someone out of the industry

  • @mohdymi 2 years ago +38

    I'm so astonished, of how great Professor Messer is, his videos are extremely beneficial, and what I love so much about it as well, he dives right in, as soon as the first second of the video begins, which is so time-efficient, much love professor!

  • @BoitumeloNtokozoNgwenya 5 months ago +5

    watching the whole series for my security+

  • @emperial8889 1 year ago +5

    I appreciate Professor Messer is a Stargate fan!

  • @user-gs2wd2zl9l 1 year ago +6

    It is really hard for me to listen to the same voice but you keep me incredibly engaged. Thank you for doing this!

  • @Dan-rj8xx 1 year ago +4

    2:35 stargate reference... nice!

  • @derekfranklin9783 2 years ago +9

    I don't see too many comments. I want to thank you for all the help with keeping the information straight to the point but giving awesome examples!

  • @JakeXimus 1 month ago

    You just earned a new level of respect for being a fan of Stargate

  • @dominicbarnes712 1 year ago +1

    i love this guy. Brilliant material!

  • @Tairah 2 years ago +3

    Thank you so much! Your videos are super helpful!

  • @AboodSpiN 1 year ago

    i love your explanation prof! keep it up!

  • @Facumaglio 3 years ago +9

    Thanks for the videos, you are amazing.

  • @BoitumeloNtokozoNgwenya 5 months ago

    great content, very clear and precise

  • @nhiphuongnguyen5449 1 year ago

    This video is incredibly interestinggg!

  • @vagabondmatt5152 2 months ago

    The stargate reference made me smile lol

  • @whatdoiputhere545 2 years ago +7

    I see that Stargate SG1 reference

  • @disQoWiLL 11 months ago +1

  • @halo2bullseye922 4 months ago

    Thanks Professor Messer! :)

  • @johncrocker2949 1 year ago +1

    Thank you!

  • @clintmillent 1 year ago +2

    How do you create a hash?

  • @anthonyreese2929 1 month ago

    how would they know which hashing algorithm to use in order to do a brute force on hash data?

  • @devinrobertson5251 4 months ago

    Question. Let's say person A has the password, "password". And person B has the same exact password. Would both A and B's resulting fingerprint be the same exact hash string?

    • @devinrobertson5251 4 months ago

      Okay further in the video. Using the same algorithm, it ends up being the same hash. So what if you use a different algorithm? Of course it would be different. So is it a good idea for many different types of algorithms to be common to make it even harder for hackers? Or is the Sha one you mentioned the most common?

  • @devinrobertson5251 4 months ago

    How does one "add salt" to a password? Isn't the password saved as a hash upon entering it successfully? So wouldn't that mean you'd need to add a random string of stuff to the password before hitting enter? Because that would cause you to have the wrong password and be unable to log in. Or, is it that when you sign into something, the application, or site, will add the random string automatically, prior to generating and writing the hash?

  • @user-px2ik3mr8k 3 months ago

    Hi Professor, thanks for your videos. It has been helpful for me to prepare for Security+ exam. I am planning to take practice exam from your website before taking a real exam. I have been watching till this video so far. What do you recommend me about when can I take practice exam ? Is that recommended if I take it after watching all 177 videos or what? Thanks.

  • @richardvanpuymbrouck8297 1 year ago +1

    Long length and rainbow passwords is what I trust

    • @galloe 7 months ago

      What's a rainbow password?

  • @michaelchigozieobiukwu4044 1 year ago

    How do you do password hash for encryption?

  • @MrBdc2013 11 months ago +1

    tells us not to click suspicious links I immediately check out the link he spoke of and put my email in.

  • @trickwheel 1 year ago +1

    So I have a question. If you are storing the password, it is so you don't forget it. If you hash the password and store it but can't reverse the hash. How do you retrieve the password for use later?

    • @professormesser 1 year ago +3

      You don't retrieve the password for use later. That's the point of using the hash as a storage mechanism for passwords.

    • @trickwheel 1 year ago

      @@professormesser so not physical storage like a password manager? Storage like cpu use or memory?

    • @jenkaigaming 1 year ago +4

      @@trickwheel to my knowledge, I don't think you hash them yourself. Windows hashes your passwords and saves it. When you enter your password to login, it compares that hash to the saved hash, if it matches, then it lets you login. You should use a password vault to remember passwords.

    • @trickwheel 1 year ago +1

      @@jenkaigaming thank you. That makes more sense. I was thinking in simplistic terms of storing a password. Brain fart. 😆

  • @abdullahathar9347 7 months ago

    Let's say 2 users use the same password ("12345" in this case), once they generate the hash value for their respective passwords, tho being the same, they will still get unique hash values for the same password. So how does adding random data at the end (salting) of the same password even help? Also how can a hacker utilize a hash value, since they are unique for the same password.

    • @professormesser 7 months ago

      The hash values of identical inputs would be the same. The salting provides the additional randomization.
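
Added example (not from the video or from any commenter) for the salting questions in this thread and in the earlier "How does one add salt" comment: the server generates the salt at sign-up and stores it beside the hash, so the user still types only the password. The function names, the PBKDF2 parameters and the sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # demo work factor (assumption, not from the video)

def unsalted_hash(password: str) -> str:
    """Plain SHA-256: identical passwords always give the identical hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def create_record(password: str) -> dict:
    """Sign-up: the server picks a random salt and stores it beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Login: re-derive with the stored salt, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])

def demo() -> dict:
    # Constructed sample data: two users who both chose "12345".
    user_a, user_b = create_record("12345"), create_record("12345")
    # A precomputed table of unsalted hashes, standing in for a rainbow table.
    table = {unsalted_hash(p): p for p in ("password", "12345", "qwerty")}
    return {
        "unsalted_same": unsalted_hash("12345") == unsalted_hash("12345"),
        "salted_same": user_a["hash"] == user_b["hash"],
        "table_hits_unsalted": table.get(unsalted_hash("12345")),
        "table_hits_salted": table.get(user_a["hash"].hex()),
        "login_ok": verify("12345", user_a),
        "login_wrong_password": verify("123456", user_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
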

  • @tatertotbot 1 year ago

    So is brute-forcing generally done after a hacker gets the password hash?

    • @cvpherhack3r819 9 months ago

      generally they try to brute force with acquired hashes via a breach of some sort and they can have at it offline. if they try an online attack without the hashes more than likely the account will get locked out after multiple attempts.

  • @joannadodo2526 1 year ago

    Hi, unfortunately I still don't understand the idea of password file. Can someone explain? why is that for?

    • @rkb3991 1 year ago +4

      It’s for you to see how it converted a user to a hash that’s it

  • @KadenBera 6 months ago

    My question is if you're going to hash your password to not keep it as plain text and then you forget the password, how would you be able to use the hash to get your password again since that would be the reason for writing it down?

    • @bwah9481 6 months ago

      You don't. We set a new password. It's not meant to be retrieved in plaintext ever again. The server hashes the password you're trying to log in with and checks for a match with the hashed password stored.

  • @SukiiBiohazard 8 months ago

    My email was pwnd 8 times since 2013 ;A;