Have you ever encountered password theft and what were the consequences? Tell the most interesting stories under this comment ;)
Why aren't you using Arch Linux? Why Parrot or Kali? Is this because of reachability?
Edit: Basically, why Debian? [Don't just say, "Why not?"]
Can you do one on sim swapping?
Insert the web comic about password cracking from XKCD and how something like a cheap tool from the hardware store might in some cases be enough "motivation" to get someone to tell you their password. I'm not trying to approve of using violence or doing anything criminal but more just the theory that there's sometimes more than one kind of brute force attack
what about those röböttic? ´mözaic puzzles v??v
after almost have a zentüree äfter bläde runäir you tell us you ´make ´securitti with phasyce ? ´är you outta yer eFFin mäinZ ^?^
May you explain how people use bruteforce on emails and other accounts when it should lock the account after a few tries?
Kali has most of the tools you're using... hash identifiers, hydra, john, mimikatz, etc. I think being security conscious is the first step in staying safe while using computers.
If you had a dataset of all the hashes of the password combinations you just described people using, would it not be faster to check a hash against this dataset than it is to re-hash every combination? If you had a 10TB storage unit, you could store about 4 billion hashes. You said that a graphics card could do about a million hashes a second, so 4 billion hashes would take about an hour on average to produce. If it takes 6 hours to go through all those common combinations, you'd just need 60TB of storage to have all of those combinations on hand. They would have to have an index to attach them to whatever password generates that hash in a different database. For 24 billion hashes (if that is our number) that would require an 11-bit or 2-byte index for each hash, which only increases the storage requirement by less than a terabyte. If your storage had a throughput of 3500 MB/s, then it would take you about 4.8 hours at most to find the correct hash, which is only 20% faster. Let's say you had the dataset of hashes divided among 10 computers, though, and you fed each of them the target hash. It would take less than half an hour to do the same work. If you had 100 computers, it would take less than 3 minutes. If you had a thousand computers, it would only take seconds. You could optimize the comparison with sorting algorithms as well. Only search the region of the dataset which matches the first byte of the hash and that'd speed it up by a factor of 256, which split among multiple computers could bring your time to crack down to milliseconds. Your server receives a hash, sends that hash to a farm that compares it to an optimized dataset of all common passwords, and returns the password near instantly.
Bro calm down
I was thinking something like this too, really the only explanation as to why this isn't being done is that it requires too much storage / maybe too much infrastructure
@@Avighna the main reason is that salt and pepper exist in hashing
If you're able to make those processors of separate computers work in parallel, it will be possible, but bruteforce isn't just word by word but combinations of previous symbols, letters and numbers. If you also meant to make the computers communicate through wireless or wired, you're bound to the speed of the medium you are using, which is not noticeable until you make all those thousands of computers communicate on the same medium. This might work with the help of accelerators and a program that utilizes simultaneous and heterogeneous computing.
@@mthia This makes sense. Salt changes the whole hash including the first characters afaik.
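The trade-off discussed in this thread (a precomputed hash-to-password dataset, and the replies that salt defeats it), as an added example that is not part of any comment or of the video. The wordlist is constructed, the function names are hypothetical, and PBKDF2 with 100,000 iterations is an assumed choice of slow hash; the thread names no algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample candidates standing in for the thread's "common combinations".
WORDLIST = ["Password1", "letmein", "qwerty123", "Summer2024!", "dragon"]
ITERATIONS = 100_000  # assumed work factor for this illustration


def build_lookup_table(words):
    """Hash every candidate once (unsalted SHA-256) and index digest -> password."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def store_unsalted(password):
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Hardened storage: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """The server can still check a login: the salt is stored beside the digest."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def hash_operations(candidates, users, salted):
    """Hash invocations needed to test every candidate against every user record."""
    return candidates * users * ITERATIONS if salted else candidates


def demo():
    table = build_lookup_table(WORDLIST)
    alice, bob = store_salted("Password1"), store_salted("Password1")
    return {
        "unsalted_hit": table.get(store_unsalted("Password1")),  # table reverses it
        "salted_hit": table.get(alice[1].hex()),                 # table misses
        "same_password_same_record": alice[1] == bob[1],         # salts differ
        "login_ok": verify_salted("Password1", alice),
        "login_bad": verify_salted("letmein", alice),
        "work_unsalted": hash_operations(len(WORDLIST), 1000, salted=False),
        "work_salted": hash_operations(len(WORDLIST), 1000, salted=True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With unsalted digests one table serves every account; with per-user salts the precomputation has to be redone for each record, which is what makes the shared dataset described above useless against properly stored passwords.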
Amazing vid! Was not aware of how bad is my cyber security xD
So you are telling me my 60 character random password is not going to get cracked so easily. I would have gone for a longer one but the service had a character limit. Also, since I didn't use a password generator or manager, I store it in my primarily 256 bit encrypted server, which could be a point of vulnerability, but if the hacker did so much work I would just give up.
Never had issues with brute force on my (own) servers/services. Just lock accounts (or/and IP) by policy after 5 unsuccessful attempts. If you "allow" brute force... it's up to you.
Love the way you organise and show things in videos, excellent
This video was helpful, at least now I can crack my own passwords if I forget them... And if I can't, that means that I've chosen really good passwords...
Video quality and editing is amazing
Thank you so much 😁
What programming language will I need to learn for security in a data center? I’m interested in Kotlin, will it help?
I love the Mr.Robot references
Great vid. Best I've seen to explain this to non-techies. What isn't addressed: 1. The computational complexity of multiple words in sequence (obfuscated with special chars) - a method many people (even geeks) use to remember the very few that must be remembered (hopefully one), 2. Combination of any method with bio-measurement (e.g. facial recognition, fingerprint recognition, iris recognition). How vulnerable is this if hashing is local to the device? 3. Apple’s new passkeys (sounds awfully like ssh to me).
Great points! Happy to have you with us
The big disadvantage of two-factor identification is that you need an internet connection, which wouldn't work with an air gap system
What about a hardware based 2FA like a digital security key?
@@wiezumteufel9024 you mean like a token-based login?
Hardware keys mate
please make a video of college server hacking🤔
U will be in jail cuz that's LinkedIn with college fees
Bro woke up and straight away choose violence 😂
Relatable😂
Even I have been also pondering about this for a long time ... 😂
Yeah, I am trying these
This video isn't going to age well. Check back here in 10 years when a 128 year password using 1000 GPUs can be cracked in 10 days by a simple laptop.
Until then we have geometric encryption as a standard. The Signal messenger already uses it so quantum computers can't crack their asymmetric encryption (which is even weaker than the symmetric encryption that is used in hard drives or password managers)
You are not going to have hardware speed up by a factor of about 3 million in 10 years. Assuming Moore's law doubling every 2 years, you are off by a factor of 100,000. Impressive.
What is the distro you used? I wanted to download it please 🌹
Luckily I changed my password after your short to the one you use in the video. Because It's super secure.
Love your videos ❤️
Thanks!
You can't go wrong with _Password1_
Sir, You cover the topics very well ❤ I have come to understand
When will the next video come sir?❤
Il
In a couple of weeks! Thank you so much :)
What operating system are you using?
Your videos made me a lot more privacy conscious 😅 thanks brother love from india 🇮🇳
My pleasure 😊
I saw the pwnagotchi video and was like "damn, instant sub"
What os are you using?
Which OS do you use?
Hey! Is it safe to apply on visual studio code and how to apply anonymously
Thanks for an interesting video. I do hope you found the cause of the distortions that were left into it.
Ur videos are the real valuable videos ❤️
No mention of quantum computers in the video, quantum computers would shorten those years to hours and days.
Luckily there's no quantum computer yet
There already are, but they have too few qubits, aka they are not powerful enough yet
Quantum computers are mostly a concern for asymmetric encryption (messenger apps) not necessarily that much for symmetric encryption (PW managers, hard drives).
And there are also new encryption methods approved by NIST that withstand quantum computers (e.g. geometric encryption)
Great video! ♥
Thank you!
how can you do 2fa on offline devices? e.g. your hard disk
@@carloareaser how exactly do you add 2 factor on a hard disk? What I mean is protecting against the hard disk being taken out of your computer and attached to another. There is no 2FA for that
Brute force is used to break phones all the time. Usually takes 3 days for a basic 4 digit.
A few weeks for 6 digit
How do you deal with the phone's auto wait period after x amount of failed tries
@@neb_setabed Hackers find security bugs that allow that to be bypassed. Apple tries to find and fix these bugs. Then hackers try to find new bugs. It is a constant back and forth
@@neb_setabed they circumvent it. That's the reason why GrapheneOS (most secure open source mobile operating system) is only put on Google Pixel devices. They have a special chip inside (Titan M2) that blocks multiple attempts and basically makes the phone unreadable if someone tries to remove it
@@neb_setabed there’s ways to disable them or actually turn them to an extremely high value
u got new subs! 😍
tpm would handover the key, you just have to intercept it.
Technology will be better in future... for now brute force ain't well... but with future tech and AI help... there'll be next level tech for cracking passwords
I miss the old days of Modern Warfare 2 when it was just the boys and an Xbox 360👾
Can you explain what 'cicada 3301' is?
And if someone solves this puzzle, what does he achieve?
Check their old videos they talked about it.
They already talked about it and there's 50x other videos about the topic. It's already been done to death. There's more interesting things to talk about.
BRO, Please make your command prompts extend a few more keyframes on completion. damn, you say pause, but it’s next to impossible to screen shot them when you have some crazy transition play before I can screenshot the full output. thx bruh! love the video!!
Is Proton Pass good for storing crypto wallet keys?
It's as good as Proton security. I'd recommend KeePass (offline password manager).
Better create an encrypted vault then store it offline on multiple devices
Hi guys, great channel. Is it possible to recover wedding photos from an SD card that has not been overwritten? Anyone can reply, thanks for any input. It just says no history; the SD card was put in, then taken out, then put back in.
Anyone else feeling a little less secure? Started confident, but by the end, not so. The only thing: I'm not that interesting enough to need that much of a working password? But tech, and now AI, getting better, no one password going to be safe, to the point the password might as well not be there? How about biometric fingers, eyes, clorict tracts (Futurama), at end of the day the complated password text files?
Which Linux is he using? Looks similar to BlackArch but I'm not sure. If anyone knows pls comment
Ubuntu maybe
I don't think you can tell with Linux as it's quite customisable - if you want it to look like that you can probably use any distro you want
This video makes me want to make an enterprise honeypot
Why are there 1.8M likes on 5k views?
Any password can be cracked with a wrench attack.
hahahah
I forgot my password
ty tip
We do brute force on Android passwords, but only 3-5 tries, after which it's locked for 30 min
how to bypass and try unlimited tries
Toast.
Take a long phrase from the Bible and select an obscure language. This may be one of the hardest passwords to brute force.
15627
I cringed pretty hard when you said authentifucation 😂
It's *authentication* - no "if" in there.
And offline attacks against whole-disk encryption are a lot harder if the encryption key is in the computer's Trusted Platform Module rather than on-disk.
Having it on-disk is like hiding your front door key under the door mat.
but in the end, the password “1111” is still the most secure, because Bruteforce does not check this combination
What do you mean
😐
Let's put 10 ads in a 16 min video what a classic.. you clowns
It's December. The payouts are 🤌
You'll see a lot of ads this month.
what bro is using chrome with "Add extra ads" extension ?
Bro I'm just using the youtube app? Wtf is chrome ?
@@vinnypistone. now see who is clown!!
@@vinnypistone. Use ReVanced