I remember in the early 2000s telling a training class that password protecting a PDF was useless. A person in the class sent me an email with a password protected PDF and I showed them in real time how you could open the pdf and remove the password. Then I ran a password brute force attack and by the end of the day I had it open. Really put the lesson of once you send a file to another person you lose all control over the data.
@@God.Almightyi know how to quit vi and if things are really ugly emacs. But nano?? -Z kill -9 %% Newfangled %^>>■*# 😅 It took years to convince me of ci. I used to use ed(1) which these days is too hardcore for almost everybody. I occasionally also use ex. Just Teco is too tough even for me 😂
Nano? Vi? What the f? 'Oh my... your terminal runs a GUI!' Tough luck. Sure, it’s text and keyboard based-but nah, still sucks. I won’t waste CPU or memory on that sheit. Single row? No prob, ed’s ready to go. No scrolling, no fluff, just commands that flow. Ed is all you need. It’s fast, it’s lit. Once you go ed, you’ll never be misled!
About 20 years ago, as a teacher teaching some computer courses, I went to a workshop on computer security. The guy running the workshop said that the best way to learn how to keep a computer network secure was to learn how to hack it. We learned a few things but nothing like the actual class he taught. In it he had a virtual network he set up. The students, in groups, would create their own LAN, set up their routers and anything else needed, secure it and then try to hack into each others networks. Didn't get a chance to take the course but would have loved to. Just seeing what I did made me realize that nothing is really secure if someone really wants to get in bad enough.
Yesterday I cracked an 8 digit pin number using a timed side channel attack from the command line. I had heard it was possible but didn't think it would be easy enough to do it long hand. It was like a scene straight out of the movies. I was blown away!
I have a zip file.I encrypted many years ago, that I have since forgot the password for. I knew one day I would be able to crack it. That day has come.
me too from when i was very young with shall we say exotic photos in it. doubt at my age now and with so much free spice on the web, i'd find those photos too exotic anymore.
I'm a retired mathematician. I would never try to write my own encryption, unless I had a ton of help and people willing to review the code. Even then, I wouldn't do it. I'd also mention that salting is a good idea. Lots of things do salting and hashing.
Salting breaks bulk attacks. If two passwords are the same, but have different salts, they will have different hashes. If you have a table full of user accounts and none of them were hashed, even without breaking the passwords, you could tell if two accounts had the same password because they'd have the same hash. By salting the password, you mix in some random data, which not only means even the same passwords will have different hashes, but each account will need to be attacked individually because any resulting hashes are only valid relative to the salt used.
The simplest solution to strong passwords is to use a long (over 16 characters) random strings including upper/lower+ special characters. Those are nearly uncrackable with today's computers. No need to remember them, just use a password manager.
Another great video with explanations and demos! Us old geezers learnt this decades ago (as you say), but I love that this is yet another perfect video to share with younger colleagues!
In a way it has become less relevant these day. Back at university most UNIX systems were not behind a firewall so password security was essential even though hacking wasn't yet as much of a problem as today. So evey once in a while the BOfH (look it up if you don't know what it is, kids) on duty did collect the passswd files from all machines and yp servers and ran crack on them. 200+ systems usually found the first victims' passwords within a minute and foods like pizza, banana etc were always among the first ones. Depending on the moon of the admin the owners of the aggected account were either forced to set a new password when logging in the next time or their accounts were disabled to they had to pass by the BOfH's office in person and beg for forgiveness.
If someone gets /etc/shadow they already have root access. What matters at that point is NOT using the same password everywhere else (or anywhere else). Well, maybe not. If the disk is not encrypted you can mount the root partition as a simple disk and read anything on it because you are root on your own computer. In Windows, the target is the SAM file.
Dave, I'd love to meet you someday, not so much to hack systems but that you and I both lived the computer industry history. My first system was a PDP-8i connecting to Dartmouth Kurtz and Kemeny BASIC in 1965. I wrote the Craps game in Ahl's 101 Basic games. I worked at DEC as an instructor and DG as both an instructor and developer. LOVE YOUR CHANNEL
@@bradquinn2859 I was given a signed copy of Soul of the New Machine. I was at DG when the Eagle was made, I taught our field service how to deal with it, and my most fun was working (with two others) on the CLI. I met Tracy Kidder but didn't know he was writing about us.
I got started in actual computers in 1973 on a DEC PDP8-e, after I had left the USAF in Crypto Maintenance. Spent some time in computer security in securing CD-Roms.
Oh wow. And I thought I was an old timer with TRS-80 experience from 1979. Didn't get to learn anything useful until I gained access to some IBM PCs at school in 1984 to learn BASIC. Didn't pick up on C or FORTRAN until college years later. Thanks for sharing.
I remember using a system that asked users to change their password every month. And when changing it, the system checked if the password was SIMILAR to a previous one. So it obviously never even just saved the hash, but a plaintext version somewhere - to compare the passwords. In the end, people started to just write their passwords on paper and asking others if they can use their login, since their password expired or they forgot it. All due to the administrators having no idea what practical password security is.
It's truly frustrating making policies that force users to use insecure practices to be able to keep changing and logging in constantly with the theoretically secure password.
This totally obsolete practice is extremely frustrating when government departments like the VA, SSA, etc have a blanket policy of making the users change passwords on a recurring basis. What I have noticed is that it causes less security rather than more.
The corporate solution is OTP’s in a modern environment. Forcing periodic changes just for the policy of it causes office Post It Notes to help the cleaning crew sell your passwords. I use proton pass manager and OTP.
@@jim7smithTry being responsible for IT security at a bank. Back in 2010, we scaled back from forcing users to change their passwords every 90 days to every 60 - and that was despite regulators heavily pressuring us to go down to 30, despite our Risk Assessment showing exactly your point - users forgetting passwords, writing them down in places that can be found despite policy against it, etc. We successfully held the line at 60, and regulators finally stopped putting undue pressure on us in 2015 when they employed an actual engineer among their regulatory team and he got to see our use of passphrase training, longer minimum lengths on the passwords, etc. And now, as Dave showed us, even that is insufficient if the hacker gains access to the hash and brings to bear an offline cracking tool. Smh.
Fun Fact: With Master combination locks commonly used for gym lockers at school in the 70's, you didn't need to try 0-0-0, 0-0-1, etc. You only needed to try every 2, since the slop in the combination slots was 1.5 digits wide. Furthermore, the odd/even-ness of the final digit (hold up the shackle and turn the knob until you felt it give a little), told you the odd/even-ness of the other two digits. Thus, you only needed to try every four digits: 0-0-4, 0-0-8, etc. Yes, this based on personal experience ;)
The ones I were familiar with always had the difference between numbers as odd multiples of 2, such as 6, 10, 14. I expect that there was also some minimum separation. that might have ruled out +/- 2. By my calculations that would reduce the possible combinations down to something like 40 x 8 x 8 = 2560.
Most of them you can just shim with a strip of metal cut out of a coke can. Even quicker! It's a bit like computer security- many routers from ISPs have random (and therefore quite good) passwords but when people don't update their router and therefore don't patch exploits there's no need for a pwd......
In the 1990s I was working for a Federal agency. I was asked to use John on the machine that everyone used for e-mail. It was a Solaris box running at 2X50 MHz. I moved the file over to a SGI Indy box and ran John on it. Within 5 seconds I had a whole bunch of them cracked. The one that stood out - ncc1701. Start Trek Enterprise hull number. That password still shows up even today if the system doesn't do minimum checks on passwords. I think that machine had 6000 or 8000 accounts. The agency name showed up a lot in the cracked passwords. They always seem to. That SGI Indy box while a hot box at the time is laughably slow today. It had a whole 16 MB of memory, a 1 gig disk and I think it ran at 133 MHz. MIPS architecture. Fast enough that it supported video conferencing. I had a SGI camera on top of my monitor.
If the sysadmin doesn't hand out the hashed passwords and limits number of guesses to login, none of this cracking will get you anywhere regardless of how advanced your hardware/software is.
@@An.Individual - If you had physical access to the machine then password choice and encryption strength will make absolutely no difference. Concentrate on what's important, protecting those hashed passwords. And don't share a similar password between unrelated machines. Password choice just isn't important except in the most extreme cases.
I use a password manager with NON-SMS based two factor authentication to generate random passwords. The length varies depending on how important the account is. I have also started adapting passkeys where possible and disabling password based login entirely. You can’t crack something that doesn’t exist.
I always enjoy Dave's videos! My take from this is that I need to be much more careful about my passwords - especially at work. My personal stuff would just bore someone - but I work in a sensitive environment.
I remember taking the SAM file from a Windows NT 4 machine in the late 90s and cracking the administratior password. I ran it on a pentium 3 500mhz took overnight to crack password nsystemt I was totally amazed lol. Good Times. Great video as always Dave keep it up
The place I was working around then asked me to test the passwords in use on our WinNT & Win98 mixed network. Using inefficient ( John the ripper?) software on a two year old budget workstation (suitable only for tech support use) system the first success took less than 30 seconds. I had all but my own password inside of three hours. Nobody else had a password longer than six characters and nobody besides me used any special characters.
We used to periodically have password shaming day where we'd take the SAM, crack it, and then display all the terrible passwords in a company meeting. After we'd forced a password reset on those accounts, naturally. ;)
I can remember the days of cracking the NT passwords in about 2000-2001 which would take only a few hours using rainbow tables , if you have access to the machine it's all over . Which is why the need a little salt to stop every hash table being the same .
Ah, the days of lugging around an HD with rainbow tables, "just in case". And making the mistake of (at least once) having your client call you because "I forgot to tell you the password" and you replying "No problem, i just cracked it, already working on your problem". Cue a very very scared client... I learned a lesson about not disclosing too much, they learned a lesson on "weak passwords".
@@connclissmann6514 And everyone will know about it because you just changed it. The point of cracking Windows passwords was NOT getting in, it was getting in WITHOUT people being able to tell you did. Any lock/door can be broken in, but if you make a copy of the key, you can get in and out without visible signs of intrusion. Also, it breaks EFS so, bye bye files if you have any under it and do a reset.
Windows LanManager (LM) hash also only looked at the first 14 bytes. Even though that's more than the 8 for the ancient Linux crypt mechanism: Lanman capitalized all characters and then split it into 2 chunks of 7 bytes and use DES to encrypt it. Plus Lanmanager does not make use of a Salt LM has less entropy than crypt, mainly due to the capitalization of characters (aabbcc is the same as AABBCC) and the limited characterset as a whole Because LM split the first 14 bytes into 2 7-byte chunks it was also much easier to simply brute force a single chunk ( which has less entropy and lacks any Salt) In 1996 Microsoft did introduce NTLM which is case-sensitive but Windows still saved the old LM hash for backwards compatibility so you could still attack LM Microsoft stopped using LM at around 2006 Crypt was updated to a stronger hashing method around 1995 and crypt was considered obsolete in the early 2000's
@@jpp_vh It was 14 bytes. Any more would not make a difference. And capitalization also made no difference since all characters were capitalized before the hash was created. (2 hashes actually, one for each 7 byte part)
@@jpp_vh oh I see what you mean. That sounds reasonable. Still means that any password with less than 15 characters would indeed have a LM hash stored as well. Which is much less secure than NTLM.
My wife make fun of me for I make romance explosion at the specs description of the ripper pc. For real though... I have been learning I.T. for over 25 years now and I understand the depth of about 15% of what you speak on. None the less, I absolutely love all the content you put out. Have been subscribed for a long time
Great video. These are things I knew, and yet, without this video, I was not aware just how easy it is to access these tools. Seeing this, made me feel it in my guts. Very informative.
Unfortunately, the easiest way to discover someone's password is still this: just ask them for it. The amount of times I'd be speaking to a client (and they just trusted they were talking to the service desk) and they'd casually offer up their credentials after I'd mentioned security - mind-blowing Either that or look for a post it note stuck on the case. The average user is so unprotected it's wild.
Back in the 90's, a hacker named Kevin Mitnick did just that. Using social engineering, he was able to obtain people's passwords without trouble by concocting a simply story. No password cracker required. People gave them up willingly. Simply mind boggling.
New subscriber and just bought both your books on autism. My daughter has Asperger’s and she’s decided that I definitely have a little ‘tisim in me, which seems more realistic as time goes on. Looking forward to enjoy enjoying your content and thank you for writing the books.
Good video. It’s a good reminder for how to create secure passwords. Also everyone must never re-use passwords from one web site to another. This is the means by which if one site is hacked and hashes or passwords are discovered for one site, then that password will be used to hack into other sites using your stolen credentials.. I recommend using a password manager with a very long random password you keep stored in a safe .
11:52 brings back reminders of my friends going through and doing dictionary attacks of AOL accounts to get free internet. Password complexity was non existent in the late 90s. (My ISP password was 'hearts' and the work ISP password was 'stamps') so that list of passwords given in Hackers went a VERY long way.
Indeed, a good password is a random password; a password for which an attacker knows NOTHING. Longer passwords are generally better, but a 66 character password is useless when it's just 5 dictionary words glued together.
Great Video Dave. What do you think about the strength of programs that encrypt an entire drive. Programs such as TrueCrypt or VeraCrypt? How would you categorized their strength and level of security?
By using random letters/numbers/punctuations as your password there is very high chance you'll find that password written somewhere in plain text because ain't nobody remembering those combos especially if/when you have bunch of different ones. If you do remember good for you.
Look up "Diceware" (or "Horse battery staple? Correct!"). It uses randomly generated words in a random combination. You get equivalent entropy to a 12 character random character password with 4 or 5 words. 4 or 5 random words are easier to remember than random gibberish, but it is more typing.
@@bertiesmith3021 The password manager needs a password, which can be cracked. The best method, in my opinion, is to use a password that you will remember and then hash it 100,000,007 times, for example. Use the 100,000,007th hash as your password. You won't remember the hash (the real password), but you'll remember how to get to it. A brute force attack would require hashing every entry in your dictionary 100,000,007 times, which would take a substantial amount of time per entry, making that brute-force attack unfeasable. And that's assuming you already knew your target was using the 100,000,007 method, but he could be using the 100,000,023 method, or the 200,000,004 method, or the 10,073 method, for example. You could pre-calculate a few dictionaries at a substantial time cost--maybe the 10,000, the 100,000 and the 1,000,000 dictionaries--but not many more.
Can you elaborate on your aversion to multiple random word passwords? NCSC has reiterated that recommendation and I do not see how to apply dictionary attacks would make that approach just marginally better than one word (be it with or without modifiers). Having multiple words severely increases complexity here. See xkcd 936 :).
The simple explanation is that out of all possible combinations of characters, almost all of them are complete gibberish and only a tiny slice have any real words. The xkcd comic is assuming a raw brute force attack, a permutated disctionary attack only tries a very small subset of combinations of length x before moving on to length x+1. The end result is that in most real world scenarios, any real word in a passphrase is more like 2 or 3 single characters in a random password.
What are your thoughts on dice ware? It may also have been good to mention salting passwords to increase their length and prevent rainbow table lookups.
Everything you type on your keyboard can be logged and send later to an attacking destination, mentionning INT 6 keyboard as some keys to be interpreted by the current OS langage driver. So use some code to fill login form username and password, is a good start.
Great video, I have been trying to convince my wife to take complex passwords more seriously. I think this weekend we will sit down across crack some of her passwords. Hopefully she will change her ways. Thanks!!!
Great Video Dave. In the mid 90's I sold PC's with support. During one visit to a Customers house, I asked for his password (save asking I needed it) He seemed a little un-comfortable, but eventually whispered to me "It's I hate my Wife" his Wife was in the now quiet room.
Great episode, Dave! I think back to reading "The Cuckoo's Egg" by Cliff Stoll in which he encounters a dictionary attack for the first time as sys op for computers at UC Berkeley. It is a great read.
When you say don't use dictionary words in your passwords, you mean one word and some numbers at the end (or even common substitutes like @ for A), right? I've heard that using a pass phrase of 4 dictionary words and random separators is one of the most secure things you can do
I thought the same thing as you . I’ve heard it said from seemingly knowledgeable sources that say an 8word passphrase is very secure . Dave seems to saying otherwise ?
There's a big weakness with ZIP that's worth knowing about if you're either considering your options for securing files or looking at one of your old ZIP files from years ago and wondering how to get in. If the ZIP file contains multiple files and you already know the content of any one of the files in the encrypted ZIP there's a good chance you can recover the key without even needing to brute-force the password, by means of a "plaintext attack". A fairly bog-standard desktop PC from a couple of decades ago could do it. As far as I'm aware its a solved problem, fixed by "salting", but the file format would have to change to fix it so ZIP and many ZIP-like formats are probably going to stay vulnerable.
I believe that the Zip file encryption that Dave talked about is just the original method that Phil Katz threw in when he first developed the Zip file format. It was never intended to be secure in the sense that Dave talks about in the video. It was even weaker when the encryption was done using older InfoZip derived utilities back in the late 90s and early 2000s. There was an oversight in that code due to use of the rand() function in the C runtime library. Going back to the very early days of the product and until very recently (I retired about a month ago), I worked in the compression/encryption logic in WinZip. There was a commercially available command line app available around the turn of the century that exploited the rand() problem when that original encryption method was used. It typically took that app less than a minute or two on the computers of the day to crack most files encrypted that way. At the time I spent quite a while beefing up the random number generation in WinZip to correct that weakness. Regardless, the company (and most of the other Zip utility companies) never recommended the original Zip encryption for serious use. From the get-go, it was widely recognized as desperately weak. If I remember correctly, and please correct me if I’m wrong, symmetric encryption methods today are considered weak if the key size is less than something like 96-bits. There were other problems with it besides, but I believe the effective key size of the classic encryption for Zip files is somewhere in the vicinity of 40 bits. It’s basically nuisance encryption and has never been secure. To correct this problem, with the help of Brian Gladman and a few others, I designed and added very strong, AES based encryption to the Zip file format. That design is openly documented on WinZip’s web site, and has been part of the open Zip file format standard for something like a couple of decades now. It is considered secure, even by today’s standards. The key sizes range from 128-bits to 256-bits, and it uses established techniques to resist brute force password attacks and includes the use of things like SALTs, and authentication checks for extracted data. This has been in the field for a long time and is currently supported by most of the leading utilities available for working with Zip files. It does still have its challenges though _being password based_. And with the impending availability of quantum computers, the existence of Grover’s algorithm can reduce the effective strength of a given key size by half - post quantum. For example, given the 96-bits threshold (or more if I’m out-of-date on this), post quantum AES 128-bit would be the equivalent of 64-bits in todays world. That’s not nearly enough to be considered strong. If you want strong encryption today that will hold up in coming years, you’ll want to use 256-bit keys and, as Dave points out, _you’ll need to be smart about how you manage your passwords_.
I remember running JohnTheRipper in one of my undergrad classes at a downtown Toronto University. Needless to say, it was so much fun that I did my grad studies in Security.
Great explanation of hash cracking, love your vids! I was expecting you to end it with "Or just download a Rainbow Table and save yourself all that processing."
Hi, this is a great video. I'm currently studying IT and computing at University and this nicely expands upon some of the older cryptography standards that have been taught so far. Very interesting. Could you salt the DES encryption? I'm aware this is done on AES. This could be an interesting experiment if not. It would be interesting to see how quick this could be decrypted. I really enjoy your videos, thanks.
The biggest password problem I continuously encountered in 20 years of managing business and educational networks was user's misunderstanding of the purpose of a password. When I worked for a public school district, I quickly realized that MOST people think, and will even tell you if asked, that a password is "to get you into the computer". Even when I would explain that the password was to keep unauthorized people out, they'd say, "Oh, I don't care. I don't keep anything private on my school computer".
Thanks Dave, great information. What do you use to manage your dozens or hundreds of unique passwords? Password mangement for the end-user remains a poorly understood process.
I remember the 8 character password thing from high school. I had made a 100-character password and learned to enter it in 30 seconds (in reality, it was 7 random letters and 93 numbers built from numbers I knew). It was about halfway through the semester that I learned that only the first 8 were used. Even then I found it to be ridiculous that they wouldn’t warn you. Of course I kept typing the whole thing anyways because I was still very proud of myself
In '84 or so, I was in community college using a Data General MV6000 running AOS/VS (IIRC-been a while) and I discovered there was a "user data profile" file. I displayed it, and the first thing in it was my unencrypted password! I was absolutely gobsmacked.
Length matters more…… 😢 Nice video as always Dave. Software side is a weakness of mine so love learning it this way. Would love to understand network vulnerabilities and basic network hacking. Like how can someone jump from an exposed PC to internal, etc.
I’ve actually written a decoding program for the passwords used in the MSDOS shell, it basically stores them plaintext and a child’s decoder ring could decode the original letters, I wrote a program in Qbasic that would iterate through the dos shell ini file looking for the program item listings with passwords and decode them with the potentially correct input text used for the password
If I remember correctly the idea of storing encryption of the password rather than the plain text came from Willie Kantrowitz at MIT Lincoln Lab. I think he implemented it on the TX-2.
Great video. Certainly showed the power of offline attacks compared to an online attack which might well prevent sequential wrong password attempts. Are there any systems that hash the password so that even root doesn't have access? Presumably they'd need to be kernel level though I guess the issue would be where they'd be stored, even if one OS didn't give root access to the special partition if it's commodity hardware another OS would.... Tricky!
Length is the main thing. I don't tell people to avoid dictionary words. I tell them to make it memorable and at least 20 characters long. Do include special characters, numbers, upper and lower case. Length as Dave said, is the most important thing. And if you are forced to change your password every 60 days like in my company, you need something you can remember.
That is the "password advice" I also remember, making the password even a whole sentence (e.g. "I had a very good lunch yesterday", sans spaces). Sadly, most systems insist on the utterly ludicrous combination of numbers, lower/uppercase, and symbols
There was nothing here that surprised me. I've. Been using computers since 1980, taught myself to code in hex at 15. I developed a way to save ROM programs to tape or disk that was way faster than any method others were doing. While I have never set out to crack passwords, I know what to do should I want to. Still it was interesting to see it in action. I guess my point is that you oversold this in the intro, everything is, still, exactly as I thought it was. I am impressed with your 512 GB 0f RAM. Quite a bit higher than what would seem overkill for even today.
Thank you Dave. Could you discuss the impact of security secondary steps, like cell text or face/finger print ID? How does that help or delay a motivated cracker? Also what do you recommend for length, 16, 20 or....? Yikes I feel so naked. Cheers..
Fascinating stuff! I'm curious though when you say "Never use words found in a dictionary"... but Security companies and their experts say using a combination of RANDOM words, random being the key, can be used to make secure passwords? And they offer that capability in their password manager products. Thanks from a confused novice!
What about the "Correct Horse Battery Staple" style of passwords as advocated for by xkcd? They used to be considered very strong, but seems not anymore. Can John tR crack them easily?
Two ways to secure something: Use a password you forgot that even john can't rip due to length, and be unsure of what version of software it even comes from and thus that much harder to identify the encryption method (truecrypt vs veracrypt, what version even available from however many years back you're going in trying to find a bitcoin wallet stored on a virtual drive... and the long shot, is there still a way to read the wallet even if that drive gets opened)
Does this mean that xkcd cartoon about password strength (936) is not entirely valid? Or is it just that passwords with many degrees of entropy are still easy for our friend John to rip if they contain dictionary words?
No the XKCD advice still stands. A four word phrase has approximately the same amount of entropy as an 11 character password made up of random typable ASCII characters, and is much easier to remember. Even if you know 100% someone is using the four random word password scheme and use John the Ripper to target that scheme specifically (and I'm not sure if that's possible), the complexity is roughly the same as attacking an 11 character typable ASCII password of completely random characters
I think the xkcd cartoon misses a trick here because it assumes you are going to change 1 character at a time when you try to brute force a password, which would make a multiple word password secure. However, to crack a password based on words, you only have to change 1 word at a time, and we don't commonly use that many words. The most infrequently used word in the xkcd example is staple, which is ranked at about 18000, so you would only need to try 10¹⁷ combinations to crack "correcthorsebatterystable". That is considerably less than the 2x12⁴⁴ that xkcd calculated, and is less secure than their 11 character random(ish) unsecure example.
For one project I was working on in early 2000's, the key was hashed to get another key. That was then hashed to get another key. The number of iterations was, by default, 1000, but configurable. That seemed to be a good idea, but now I'm not sure it helped. This was in an embedded device with a single admin login, so there was no "password file". It just artificially lengthened the amount of time it took to verify a password to about a second per attempt.
I am not understanding what you're saying about not using English words anywhere in the password. Does that mean that bananaUK^RFmx5q^R&54Q5f20TwjK winds up as more easily cracked than UK^RFmx5q^R&54Q5f20TwjK ? (the same random character combination in both cases, but one with banana in front of it). I don't know what's going on with the math such that I could believe that having a word found on dictionary lists makes it easier to get a piece of the password and then derive the whole thing or I could believe that adding an extra 6 characters for banana makes it more difficult to crack.
No. If the cracker knows you have used 4 common English words then there are perhaps 10000^4 possibilities, or 10^16. But if those were all 5 letter words, and your password was random letters instead, of the same length (20) that search space would be 26^20 which is about 10^28, way bigger. Harder to remember though. Crackers oft n use dictionary attacks, so they are not looking for all random possibilities, just common English words or combinations of common English words.
Your instincts are correct. "banana" as a password sucks, but "Joystick Hydrogen Glance Ladylike Suction" is pretty decent. You can look up "Diceware" for an explanation. Consider 10 random characters chosen from the acceptable character set (26 lower case, 26 uppercase, numerals, and a few more permissible characters) vs. 5 random words from a list of over 7000 words. 70^10 vs 7000^5, the 5 random words have more entropy, even if the attacker has your wordlist. You example is a blending of the two, which arguably adds even more entropy. I imagine if you had 6 purely random characters, plus two random words from the EFF long word list, you would have something harder to attack than the individual components would indicate. There are some caveats, especially around true randomness in the selection, but you can Google "Diceware passwords" or "Correct Horse Battery Staple" for more discussion. In principle, you are looking at something more "human memorable" but involves more typing.
It is possible to search for random characters + dictionary word + random characters, where the dictionary word only adds the amount of entropy a dictionary word would. The random characters dominate the amount of entropy, while the dictionary word may give a mistaken impression that sandwiched between random characters it would add an amount of entropy equal to its length in random characters.
@@seriouscat2231 Thank you for explaining. I've started to switch to using a password manager for everything because I can't memorize a million UK^RFmx5q^R&54Q5f20TwjK style passwords. But then I need a master password that I CAN remember and I guess there's no making that easy on myself without compromising everything (by using some words in it).
@@seriouscat2231 Sure you *can* search for it, but I challenge you to find a good crack for "theANGRYlittleSPORTScaruNiXbEfOrElInuX(1982)ANENGINEERINGFAIRYTALEturbofandustersaregettingoutofhand"
Some recent commentary on this topic is that long, complex passwords will almost inevitably end up written on a post-it stuck to the bottom of the keyboard. Two or more actual words is lengthy and will resist a dictionary attack especially if separated by something.
How secure is a random password generator on browser programs ? How secure is it to keep a copy of the passwords in that browsers locked with a single access password 🔑?
Kind of, but with a caveat... You shouldn't PICK words to use in your password. It has to do with key space. Here is an example (this is a lot of text): If you use characters from the English keyboard, there are something like 96 different options, meaning a key space of 96. If you use an 8 character password, that means there are 96^8 ~= 7.5e15 possible combinations, i.e. more letters means a larger exponent, which means more possibilities and more time to crack. At 500 billion passwords per second, that means it will take around 4 hrs to get through every option. If you actually choose random words from the full list of all the words in the English language, that's around 100,000 words (you can google to find the actual number). If you make sure to include special characters, numbers, and capital and lowercase letters, then the attacker has to try multiple combinations for every word. If that only increases it to 100 tries per word (though, hopefully you've increased it by more than that), now there are 10,000,000 possibilities. With three words like that, you have 10,000,000^3 which is 1e21 possibilities. If you are trying to crack at, say, 500 billion passwords per second, that means it will take around 63 years to get through every option, which is pretty strong. However, if you use 5 words, then we have 10,000,000^5 =1e35 combinations, meaning it would take 6.3e15 YEARS to get through that. That is very strong. Now, the real problem is that most people pick words they know, that mean something to them. That means the key space is maybe only 10,000 words, and if you're not using other characters to make it stronger, it stays there. 10,000^3=1e12 combinations, which would take only around 33 minutes to crack. So, if you are picking three words... It's not very strong. But if you do it correctly, words can be very strong. TL;DR: use a password manager and use long passwords.
@@David_Crayfordthe problem with the sentence idea is that, while the length is good, the predictability makes them easier to crack. Every sentence that has been published, for all practical purposes, has already been catalogued (along with common substitutions & misspellings, spacings & alternative spacers, and various capitalisations); making them essentially no different to dictionary attacks of one or two words passwords. The strength of the random word system is both its length, and the unpredictability of word order. You lose that advantage with sentences as passwords.
Fortunately there are modern key derivation functions which resist both CPU and GPU based brute forcing really well, for example Argon2. The d and id versions of the family are especially good against GPUs. Then there are just generally very computationally intensive options, e.g. PBKDF2 for some hundreds of thousands of iterative rounds.
I've always been curious how much strict rules designed to enforce password complexity, actually weaken the system as a whole to attack. It's obviously a trade off vs allowing users to enter weak passwords, but if you're brute forcing, how much of an advantage do you gain by knowing that say the password must be 8 - 12 characters long, and contain at least one capital letter, one number, and one special character?
I’ve seen pass phrases being recommended over a mixture of letters and symbols as it’s easier to remember and more difficult to crack due to increased entropy. I use a password manager and for the master password I use a pass phrase with a separator. After watching this video, I can’t help but wonder what one would use as a master password other than words in some shape or form. A physical key is not always an option and since this is the master password used to unlock the password manager, it would need to be something that can be remembered?
Hey Dave! I was wondering if you could explain this to me, as it has happened with websites like Discover and a couple others. I used to use a password manager to generate all my passwords (still do, but with exceptions), and it used to be super random and involve random special characters. When i reset my password with my Discover account, it accepts the new password. When i try to log on, it says I've the wrong password. After many trial and errors, i came to the conclusion that, even though it accepted the password, one of the special characters must have not had a hash equivalent identifier, but the system didn't flag it as a problem. Have you experienced anything like this? Do you have a different explanation for this?
Check that your password isn't longer than the maximum allowed on the website. It may have truncated the password before storing it without telling you.
Some characters are treated special by the operating system and might confuse the login process. Some processes don't like a leading special character. Apostrophes ought to be avoided, likewise asterisks and semicolons.
Hi Dave. You demonstrated cracking a zip file with a short password. That is scary. What if I use 7-Zip with AES256 encryption and a 127 character random unicode password? Is that crackable?
Cool video. Made me want to change all my passwords 😂 Question is, why so many security training around the internet and even corporations says we should add special characters and numbers to a password, if it is so much easier to crack by brute force? Also, can you show how can I get these cool effects on MacOS terminal? Maybe you could share your template?
"why so many security training around the internet and even corporations says we should add special characters and numbers to a password, if it is so much easier to crack by brute force?" It is easier to crack by brute force when it includes a word which can be found in a dictionary, or a variation on such a word (ie, replacing i by 1 and such), or a dictionary word with some obvious 'special characters' (there really only are a few special characters people tend to use: !@#$%^&*() mostly (and look at your keyboard to see why). If your password doesn't appear in a dictionary, adding some special characters does help, or better said, when every position in your password can be a letter, number or special character, instead of just a letter, you get more keyspace, and make it harder, provided you absolutely avoid dictionary words.
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
I remember in the early 2000s telling a training class that password protecting a PDF was useless. A person in the class sent me an email with a password protected PDF and I showed them in real time how you could open the pdf and remove the password. Then I ran a password brute force attack and by the end of the day I had it open. Really put the lesson of once you send a file to another person you lose all control over the data.
Agreed. It can be useful for casual protection, such as between accountant and client, so long as nothing in the file is that critical.
The same with password protected RAR files. I administer mission critical businesses -- instead, I force them to all use GPG with their memory sticks.
Or you use a one-time pad, that cannot be cracked, but is also not very convenient.
What about AES256 with a 127 character random password? Is that crackable?
The :wq in nano made me chuckle. Fun video
one of the first things i do after installing a distro is update-alternatives and choose vi. i'm too sexy for nano.
@@God.Almightyi know how to quit vi and if things are really ugly emacs. But nano?? -Z kill -9 %% Newfangled %^>>■*# 😅
It took years to convince me of ci. I used to use ed(1) which these days is too hardcore for almost everybody. I occasionally also use ex. Just Teco is too tough even for me 😂
Nano? Vi? What the f?
'Oh my... your terminal runs a GUI!' Tough luck.
Sure, it’s text and keyboard based-but nah, still sucks.
I won’t waste CPU or memory on that sheit.
Single row? No prob, ed’s ready to go.
No scrolling, no fluff, just commands that flow.
Ed is all you need. It’s fast, it’s lit.
Once you go ed, you’ll never be misled!
lol
@@God.Almighty I alias nano to pico.
About 20 years ago, as a teacher teaching some computer courses, I went to a workshop on computer security. The guy running the workshop said that the best way to learn how to keep a computer network secure was to learn how to hack it.
We learned a few things but nothing like the actual class he taught. In it he had a virtual network he set up. The students, in groups, would create their own LAN, set up their routers and anything else needed, secure it and then try to hack into each others networks.
Didn't get a chance to take the course but would have loved to. Just seeing what I did made me realize that nothing is really secure if someone really wants to get in bad enough.
I love the history that you bring to your videos in addition to the technology! Thank you!
Yesterday I cracked an 8 digit pin number using a timed side channel attack from the command line. I had heard it was possible but didn't think it would be easy enough to do it long hand. It was like a scene straight out of the movies. I was blown away!
I have a zip file.I encrypted many years ago, that I have since forgot the password for. I knew one day I would be able to crack it.
That day has come.
Let us know when you get in, and if the wait was worth it!
@@WarrenGarabrandtit was a cat video
me too from when i was very young with shall we say exotic photos in it. doubt at my age now and with so much free spice on the web, i'd find those photos too exotic anymore.
Got in?
It will take me a bit to find the old HD. It was pictures of me and ex. All pg rated.
I'm a retired mathematician. I would never try to write my own encryption, unless I had a ton of help and people willing to review the code. Even then, I wouldn't do it.
I'd also mention that salting is a good idea. Lots of things do salting and hashing.
Salting breaks bulk attacks. If two passwords are the same, but have different salts, they will have different hashes. If you have a table full of user accounts and none of them were hashed, even without breaking the passwords, you could tell if two accounts had the same password because they'd have the same hash. By salting the password, you mix in some random data, which not only means even the same passwords will have different hashes, but each account will need to be attacked individually because any resulting hashes are only valid relative to the salt used.
I went through a nice lesson on hashing and security features with GPT, it really is a good education tool.
Salting, peppering, and hashing, 2fa (mfa)
This video title is giving me late '90s L0phtCrack vibes. Can't wait!
John)
I still have it running, too. As well as about 20 others. LOL
Yeah, it's even freeware now.
BackOrafice!
The simplest solution to strong passwords is to use a long (over 16 characters) random strings including upper/lower+ special characters. Those are nearly uncrackable with today's computers. No need to remember them, just use a password manager.
Another great video with explanations and demos! Us old geezers learnt this decades ago (as you say), but I love that this is yet another perfect video to share with younger colleagues!
In a way it has become less relevant these day. Back at university most UNIX systems were not behind a firewall so password security was essential even though hacking wasn't yet as much of a problem as today.
So evey once in a while the BOfH (look it up if you don't know what it is, kids) on duty did collect the passswd files from all machines and yp servers and ran crack on them. 200+ systems usually found the first victims' passwords within a minute and foods like pizza, banana etc were always among the first ones.
Depending on the moon of the admin the owners of the aggected account were either forced to set a new password when logging in the next time or their accounts were disabled to they had to pass by the BOfH's office in person and beg for forgiveness.
If someone gets /etc/shadow they already have root access. What matters at that point is NOT using the same password everywhere else (or anywhere else). Well, maybe not. If the disk is not encrypted you can mount the root partition as a simple disk and read anything on it because you are root on your own computer. In Windows, the target is the SAM file.
Dave, I'd love to meet you someday, not so much to hack systems but that you and I both lived the computer industry history. My first system was a PDP-8i connecting to Dartmouth Kurtz and Kemeny BASIC in 1965. I wrote the Craps game in Ahl's 101 Basic games. I worked at DEC as an instructor and DG as both an instructor and developer. LOVE YOUR CHANNEL
"Soul of a New Machine" was the reason I didn't go into physics.
@@bradquinn2859 I was given a signed copy of Soul of the New Machine. I was at DG when the Eagle was made, I taught our field service how to deal with it, and my most fun was working (with two others) on the CLI. I met Tracy Kidder but didn't know he was writing about us.
I got started in actual computers in 1973 on a DEC PDP8-e, after I had left the USAF in Crypto Maintenance. Spent some time in computer security in securing CD-Roms.
David Ahl was a god to me.
Oh wow.
And I thought I was an old timer with TRS-80 experience from 1979.
Didn't get to learn anything useful until I gained access to some IBM PCs at school in 1984 to learn BASIC. Didn't pick up on C or FORTRAN until college years later.
Thanks for sharing.
I remember using a system that asked users to change their password every month. And when changing it, the system checked if the password was SIMILAR to a previous one. So it obviously never even just saved the hash, but a plaintext version somewhere - to compare the passwords.
In the end, people started to just write their passwords on paper and asking others if they can use their login, since their password expired or they forgot it. All due to the administrators having no idea what practical password security is.
It's truly frustrating making policies that force users to use insecure practices to be able to keep changing and logging in constantly with the theoretically secure password.
This totally obsolete practice is extremely frustrating when government departments like the VA, SSA, etc have a blanket policy of making the users change passwords on a recurring basis. What I have noticed is that it causes less security rather than more.
@@mementomori29231 Exactly sam dot gov. They probably tell us to change because they get hacked every so often (it seems).
The corporate solution is OTP’s in a modern environment. Forcing periodic changes just for the policy of it causes office Post It Notes to help the cleaning crew sell your passwords. I use proton pass manager and OTP.
@@jim7smithTry being responsible for IT security at a bank.
Back in 2010, we scaled back from forcing users to change their passwords every 90 days to every 60 - and that was despite regulators heavily pressuring us to go down to 30, despite our Risk Assessment showing exactly your point - users forgetting passwords, writing them down in places that can be found despite policy against it, etc. We successfully held the line at 60, and regulators finally stopped putting undue pressure on us in 2015 when they employed an actual engineer among their regulatory team and he got to see our use of passphrase training, longer minimum lengths on the passwords, etc.
And now, as Dave showed us, even that is insufficient if the hacker gains access to the hash and brings to bear an offline cracking tool. Smh.
Fun Fact: With Master combination locks commonly used for gym lockers at school in the 70's, you didn't need to try 0-0-0, 0-0-1, etc. You only needed to try every 2, since the slop in the combination slots was 1.5 digits wide. Furthermore, the odd/even-ness of the final digit (hold up the shackle and turn the knob until you felt it give a little), told you the odd/even-ness of the other two digits. Thus, you only needed to try every four digits: 0-0-4, 0-0-8, etc.
Yes, this based on personal experience ;)
Are you familiar with The Lockpicking Lawyer? @lockpickinglawyer Good YT channel if you are into locks.
The ones I were familiar with always had the difference between numbers as odd multiples of 2, such as 6, 10, 14. I expect that there was also some minimum separation. that might have ruled out +/- 2. By my calculations that would reduce the possible combinations down to something like 40 x 8 x 8 = 2560.
Most of them you can just shim with a strip of metal cut out of a coke can. Even quicker! It's a bit like computer security- many routers from ISPs have random (and therefore quite good) passwords but when people don't update their router and therefore don't patch exploits there's no need for a pwd......
Nothing on 1. Click on 2. And we have this bad boy open
@isyt1 could just be a fluke though....
As someone who was a security admin I spent a lot of time on stuff like this. Brings back a lot of memories.
bro mastered the art of thumbnails
The funny thing is, neither he nor anyone will actually know which thumbnail you saw
In the 1990s I was working for a Federal agency. I was asked to use John on the machine that everyone used for e-mail. It was a Solaris box running at 2X50 MHz. I moved the file over to a SGI Indy box and ran John on it. Within 5 seconds I had a whole bunch of them cracked. The one that stood out - ncc1701. Start Trek Enterprise hull number. That password still shows up even today if the system doesn't do minimum checks on passwords. I think that machine had 6000 or 8000 accounts. The agency name showed up a lot in the cracked passwords. They always seem to.
That SGI Indy box while a hot box at the time is laughably slow today. It had a whole 16 MB of memory, a 1 gig disk and I think it ran at 133 MHz. MIPS architecture. Fast enough that it supported video conferencing. I had a SGI camera on top of my monitor.
SGI had some great hardware back in the day
My mother worked for a federal agency. They all had their passwords tacked onto their monitors.
If the sysadmin doesn't hand out the hashed passwords and limits number of guesses to login, none of this cracking will get you anywhere regardless of how advanced your hardware/software is.
@@jrstf if you have access to the physical machine then you do an offline attack and bypass the password retry limit
@@An.Individual - If you had physical access to the machine then password choice and encryption strength will make absolutely no difference. Concentrate on what's important, protecting those hashed passwords. And don't share a similar password between unrelated machines. Password choice just isn't important except in the most extreme cases.
I use a password manager with NON-SMS based two factor authentication to generate random passwords. The length varies depending on how important the account is. I have also started adapting passkeys where possible and disabling password based login entirely. You can’t crack something that doesn’t exist.
I always enjoy Dave's videos! My take from this is that I need to be much more careful about my passwords - especially at work. My personal stuff would just bore someone - but I work in a sensitive environment.
I remember taking the SAM file from a Windows NT 4 machine in the late 90s and cracking the administratior password. I ran it on a pentium 3 500mhz took overnight to crack password nsystemt I was totally amazed lol. Good Times. Great video as always Dave keep it up
NT 4.0 was my favorite OS. Lots of buggy errors, but still best uncluttered no-nonsense user interface.
The place I was working around then asked me to test the passwords in use on our WinNT & Win98 mixed network. Using inefficient ( John the ripper?) software on a two year old budget workstation (suitable only for tech support use) system the first success took less than 30 seconds. I had all but my own password inside of three hours.
Nobody else had a password longer than six characters and nobody besides me used any special characters.
@@josephfilm73 Windows NT 4 is still my favourite OS of all time. I have many VMs running it still lol
We used to periodically have password shaming day where we'd take the SAM, crack it, and then display all the terrible passwords in a company meeting. After we'd forced a password reset on those accounts, naturally. ;)
Thanks Dave. You keep making me learn stuff that I was curious about. I appreciate the way you are giving back to the community.
I can remember the days of cracking the NT passwords in about 2000-2001 which would take only a few hours using rainbow tables , if you have access to the machine it's all over .
Which is why the need a little salt to stop every hash table being the same .
Mmmm salted hash
Ah, the days of lugging around an HD with rainbow tables, "just in case". And making the mistake of (at least once) having your client call you because "I forgot to tell you the password" and you replying "No problem, i just cracked it, already working on your problem". Cue a very very scared client... I learned a lesson about not disclosing too much, they learned a lesson on "weak passwords".
If you had physical access to the server, run a password setting program and reset the Admin password in Windows. Then you're in!
@@connclissmann6514 And everyone will know about it because you just changed it. The point of cracking Windows passwords was NOT getting in, it was getting in WITHOUT people being able to tell you did. Any lock/door can be broken in, but if you make a copy of the key, you can get in and out without visible signs of intrusion. Also, it breaks EFS so, bye bye files if you have any under it and do a reset.
Windows LanManager (LM) hash also only looked at the first 14 bytes.
Even though that's more than the 8 for the ancient Linux crypt mechanism:
Lanman capitalized all characters and then split it into 2 chunks of 7 bytes and use DES to encrypt it.
Plus Lanmanager does not make use of a Salt
LM has less entropy than crypt, mainly due to the capitalization of characters (aabbcc is the same as AABBCC) and the limited characterset as a whole
Because LM split the first 14 bytes into 2 7-byte chunks it was also much easier to simply brute force a single chunk ( which has less entropy and lacks any Salt)
In 1996 Microsoft did introduce NTLM which is case-sensitive but Windows still saved the old LM hash for backwards compatibility so you could still attack LM
Microsoft stopped using LM at around 2006
Crypt was updated to a stronger hashing method around 1995 and crypt was considered obsolete in the early 2000's
I remember you better had to use a password at least 15car so it was not backup as 2x7car...
@@jpp_vh It was 14 bytes. Any more would not make a difference. And capitalization also made no difference since all characters were capitalized before the hash was created. (2 hashes actually, one for each 7 byte part)
It made a difference in NTLM, entering 15car disabled the backup in old LM format.
@@jpp_vh oh I see what you mean. That sounds reasonable. Still means that any password with less than 15 characters would indeed have a LM hash stored as well. Which is much less secure than NTLM.
Dave’s video series path to ethical hacker is going to be amazing
Dave, an excellent introductory video. Enough to understand the basics without the advanced baggage.
My wife make fun of me for I make romance explosion at the specs description of the ripper pc.
For real though... I have been learning I.T. for over 25 years now and I understand the depth of about 15% of what you speak on. None the less, I absolutely love all the content you put out. Have been subscribed for a long time
Fully rounded video! Great way to bring the point home with history and tests. Thanks Dave!
Great video. These are things I knew, and yet, without this video, I was not aware just how easy it is to access these tools. Seeing this, made me feel it in my guts. Very informative.
Unfortunately, the easiest way to discover someone's password is still this: just ask them for it. The amount of times I'd be speaking to a client (and they just trusted they were talking to the service desk) and they'd casually offer up their credentials after I'd mentioned security - mind-blowing
Either that or look for a post it note stuck on the case. The average user is so unprotected it's wild.
Back in the 90's, a hacker named Kevin Mitnick did just that. Using social engineering, he was able to obtain people's passwords without trouble by concocting a simply story. No password cracker required. People gave them up willingly. Simply mind boggling.
Another effective method of getting passwords is with a nail puller. ;D
New subscriber and just bought both your books on autism. My daughter has Asperger’s and she’s decided that I definitely have a little ‘tisim in me, which seems more realistic as time goes on.
Looking forward to enjoy enjoying your content and thank you for writing the books.
The demonstrations acted like splashing ice water on my face. Thank-you for the wake up call.
Good video. It’s a good reminder for how to create secure passwords. Also everyone must never re-use passwords from one web site to another. This is the means by which if one site is hacked and hashes or passwords are discovered for one site, then that password will be used to hack into other sites using your stolen credentials.. I recommend using a password manager with a very long random password you keep stored in a safe .
11:52 brings back reminders of my friends going through and doing dictionary attacks of AOL accounts to get free internet. Password complexity was non existent in the late 90s. (My ISP password was 'hearts' and the work ISP password was 'stamps') so that list of passwords given in Hackers went a VERY long way.
Indeed, a good password is a random password; a password for which an attacker knows NOTHING. Longer passwords are generally better, but a 66 character password is useless when it's just 5 dictionary words glued together.
What if I use 7zip with AES256 encryption and a 127 character random password? Is that crackable?
Excellent information Dave. The books I already got, a work in progress.
Thankyou Dave ...No complete words in passwords from now on!
Great Video Dave. What do you think about the strength of programs that encrypt an entire drive.
Programs such as TrueCrypt or VeraCrypt?
How would you categorized their strength and level of security?
By using random letters/numbers/punctuations as your password there is very high chance you'll find that password written somewhere in plain text because ain't nobody remembering those combos especially if/when you have bunch of different ones. If you do remember good for you.
Or they tend to be rather short, thus easier for computers to break.
Look up "Diceware" (or "Horse battery staple? Correct!"). It uses randomly generated words in a random combination. You get equivalent entropy to a 12 character random character password with 4 or 5 words. 4 or 5 random words are easier to remember than random gibberish, but it is more typing.
Physical security is a major portion of security.
Use a password manager.
@@bertiesmith3021 The password manager needs a password, which can be cracked. The best method, in my opinion, is to use a password that you will remember and then hash it 100,000,007 times, for example. Use the 100,000,007th hash as your password. You won't remember the hash (the real password), but you'll remember how to get to it. A brute force attack would require hashing every entry in your dictionary 100,000,007 times, which would take a substantial amount of time per entry, making that brute-force attack unfeasable. And that's assuming you already knew your target was using the 100,000,007 method, but he could be using the 100,000,023 method, or the 200,000,004 method, or the 10,073 method, for example. You could pre-calculate a few dictionaries at a substantial time cost--maybe the 10,000, the 100,000 and the 1,000,000 dictionaries--but not many more.
Can you elaborate on your aversion to multiple random word passwords? NCSC has reiterated that recommendation and I do not see how to apply dictionary attacks would make that approach just marginally better than one word (be it with or without modifiers). Having multiple words severely increases complexity here.
See xkcd 936 :).
correct horse battery staple
The simple explanation is that out of all possible combinations of characters, almost all of them are complete gibberish and only a tiny slice have any real words.
The xkcd comic is assuming a raw brute force attack, a permutated disctionary attack only tries a very small subset of combinations of length x before moving on to length x+1.
The end result is that in most real world scenarios, any real word in a passphrase is more like 2 or 3 single characters in a random password.
What are your thoughts on dice ware? It may also have been good to mention salting passwords to increase their length and prevent rainbow table lookups.
Everything you type on your keyboard can be logged and send later to an attacking destination, mentionning INT 6 keyboard as some keys to be interpreted by the current OS langage driver. So use some code to fill login form username and password, is a good start.
Great video, I have been trying to convince my wife to take complex passwords more seriously. I think this weekend we will sit down across crack some of her passwords. Hopefully she will change her ways. Thanks!!!
0:32 RIP to all of those cyber security RUclipsrs that repeat this non-sense Kali trope 🤣
Great Video Dave. In the mid 90's I sold PC's with support. During one visit to a Customers house, I asked for his password (save asking I needed it) He seemed a little un-comfortable, but eventually whispered to me "It's I hate my Wife" his Wife was in the now quiet room.
Great episode, Dave! I think back to reading "The Cuckoo's Egg" by Cliff Stoll in which he encounters a dictionary attack for the first time as sys op for computers at UC Berkeley. It is a great read.
Great video. Would love to see a follow-up on cracking Office passwords, and some talk about RSA AES and triple DES.
Outstanding. Please keep these topics coming.
I do enjoy these videos. Takes me back to a different time of computing.
Love your videos Dave. Please NEVER stop!!!
When you say don't use dictionary words in your passwords, you mean one word and some numbers at the end (or even common substitutes like @ for A), right? I've heard that using a pass phrase of 4 dictionary words and random separators is one of the most secure things you can do
I thought the same thing as you . I’ve heard it said from seemingly knowledgeable sources that say an 8word passphrase is very secure . Dave seems to saying otherwise ?
There's a big weakness with ZIP that's worth knowing about if you're either considering your options for securing files or looking at one of your old ZIP files from years ago and wondering how to get in. If the ZIP file contains multiple files and you already know the content of any one of the files in the encrypted ZIP there's a good chance you can recover the key without even needing to brute-force the password, by means of a "plaintext attack". A fairly bog-standard desktop PC from a couple of decades ago could do it. As far as I'm aware its a solved problem, fixed by "salting", but the file format would have to change to fix it so ZIP and many ZIP-like formats are probably going to stay vulnerable.
I believe that the Zip file encryption that Dave talked about is just the original method that Phil Katz threw in when he first developed the Zip file format. It was never intended to be secure in the sense that Dave talks about in the video. It was even weaker when the encryption was done using older InfoZip derived utilities back in the late 90s and early 2000s. There was an oversight in that code due to use of the rand() function in the C runtime library.
Going back to the very early days of the product and until very recently (I retired about a month ago), I worked in the compression/encryption logic in WinZip. There was a commercially available command line app available around the turn of the century that exploited the rand() problem when that original encryption method was used. It typically took that app less than a minute or two on the computers of the day to crack most files encrypted that way. At the time I spent quite a while beefing up the random number generation in WinZip to correct that weakness.
Regardless, the company (and most of the other Zip utility companies) never recommended the original Zip encryption for serious use. From the get-go, it was widely recognized as desperately weak. If I remember correctly, and please correct me if I’m wrong, symmetric encryption methods today are considered weak if the key size is less than something like 96-bits. There were other problems with it besides, but I believe the effective key size of the classic encryption for Zip files is somewhere in the vicinity of 40 bits. It’s basically nuisance encryption and has never been secure.
To correct this problem, with the help of Brian Gladman and a few others, I designed and added very strong, AES based encryption to the Zip file format. That design is openly documented on WinZip’s web site, and has been part of the open Zip file format standard for something like a couple of decades now. It is considered secure, even by today’s standards. The key sizes range from 128-bits to 256-bits, and it uses established techniques to resist brute force password attacks and includes the use of things like SALTs, and authentication checks for extracted data. This has been in the field for a long time and is currently supported by most of the leading utilities available for working with Zip files.
It does still have its challenges though _being password based_. And with the impending availability of quantum computers, the existence of Grover’s algorithm can reduce the effective strength of a given key size by half - post quantum. For example, given the 96-bits threshold (or more if I’m out-of-date on this), post quantum AES 128-bit would be the equivalent of 64-bits in todays world. That’s not nearly enough to be considered strong. If you want strong encryption today that will hold up in coming years, you’ll want to use 256-bit keys and, as Dave points out, _you’ll need to be smart about how you manage your passwords_.
What if I use 7zip with AES256 encryption and a 127 character random password? Is that crackable?
I remember running JohnTheRipper in one of my undergrad classes at a downtown Toronto University. Needless to say, it was so much fun that I did my grad studies in Security.
Great explanation of hash cracking, love your vids! I was expecting you to end it with "Or just download a Rainbow Table and save yourself all that processing."
Hi, this is a great video. I'm currently studying IT and computing at University and this nicely expands upon some of the older cryptography standards that have been taught so far. Very interesting. Could you salt the DES encryption? I'm aware this is done on AES. This could be an interesting experiment if not. It would be interesting to see how quick this could be decrypted. I really enjoy your videos, thanks.
Love these videos as much I love the thumbnail. This is proper RUclips content!!!!!
Oh come on! Cat videos are the most proper content! :)
The biggest password problem I continuously encountered in 20 years of managing business and educational networks was user's misunderstanding of the purpose of a password. When I worked for a public school district, I quickly realized that MOST people think, and will even tell you if asked, that a password is "to get you into the computer". Even when I would explain that the password was to keep unauthorized people out, they'd say, "Oh, I don't care. I don't keep anything private on my school computer".
please do more of this.. dive into encryption techniques, steganografi, etc.
Thanks for the video 😊 it was fun and informative, left a like for you. Hope you keep making vids!
Thanks Dave, great information. What do you use to manage your dozens or hundreds of unique passwords? Password mangement for the end-user remains a poorly understood process.
I remember the 8 character password thing from high school. I had made a 100-character password and learned to enter it in 30 seconds (in reality, it was 7 random letters and 93 numbers built from numbers I knew). It was about halfway through the semester that I learned that only the first 8 were used. Even then I found it to be ridiculous that they wouldn’t warn you.
Of course I kept typing the whole thing anyways because I was still very proud of myself
This is an excellent explanation of cryptographic practices and password cracking. Awesome information Dave! A sub and a like from me!
In '84 or so, I was in community college using a Data General MV6000 running AOS/VS (IIRC-been a while) and I discovered there was a "user data profile" file. I displayed it, and the first thing in it was my unencrypted password! I was absolutely gobsmacked.
Opens your mind ... need to change all passwords thanks Dave
great vid Dave. You're one of my role models. My wife and I loved your book on Autism
Great video Dave. I participated in that RSA challenge in 1996. Sent shockwaves through the community. Now, on to SHA-256 and bitcoin.
Length matters more…… 😢
Nice video as always Dave. Software side is a weakness of mine so love learning it this way.
Would love to understand network vulnerabilities and basic network hacking. Like how can someone jump from an exposed PC to internal, etc.
I’ve actually written a decoding program for the passwords used in the MSDOS shell, it basically stores them plaintext and a child’s decoder ring could decode the original letters, I wrote a program in Qbasic that would iterate through the dos shell ini file looking for the program item listings with passwords and decode them with the potentially correct input text used for the password
If I remember correctly the idea of storing encryption of the password rather than the plain text came from Willie Kantrowitz at MIT Lincoln Lab. I think he implemented it on the TX-2.
We were so worried about post-quantum encryption, we forgot about our daily securities
There's a corallary to this... Surely the NSA was cracking DES based radios 40 years ago.
Great video. Certainly showed the power of offline attacks compared to an online attack which might well prevent sequential wrong password attempts. Are there any systems that hash the password so that even root doesn't have access? Presumably they'd need to be kernel level though I guess the issue would be where they'd be stored, even if one OS didn't give root access to the special partition if it's commodity hardware another OS would.... Tricky!
Length is the main thing. I don't tell people to avoid dictionary words. I tell them to make it memorable and at least 20 characters long. Do include special characters, numbers, upper and lower case. Length as Dave said, is the most important thing. And if you are forced to change your password every 60 days like in my company, you need something you can remember.
That is the "password advice" I also remember, making the password even a whole sentence (e.g. "I had a very good lunch yesterday", sans spaces).
Sadly, most systems insist on the utterly ludicrous combination of numbers, lower/uppercase, and symbols
Ihadaverygoodlunchyesterday123!
Another interesting and informative video. Thanks for making it!
There was nothing here that surprised me. I've. Been using computers since 1980, taught myself to code in hex at 15. I developed a way to save ROM programs to tape or disk that was way faster than any method others were doing.
While I have never set out to crack passwords, I know what to do should I want to. Still it was interesting to see it in action. I guess my point is that you oversold this in the intro, everything is, still, exactly as I thought it was.
I am impressed with your 512 GB 0f RAM. Quite a bit higher than what would seem overkill for even today.
Thank you Dave. Could you discuss the impact of security secondary steps, like cell text or face/finger print ID? How does that help or delay a motivated cracker? Also what do you recommend for length, 16, 20 or....? Yikes I feel so naked. Cheers..
Fascinating stuff! I'm curious though when you say "Never use words found in a dictionary"... but Security companies and their experts say using a combination of RANDOM words, random being the key, can be used to make secure passwords? And they offer that capability in their password manager products. Thanks from a confused novice!
Subbed and liked, why didn't I find your channel years ago.
good stuff. there's a computerfile video that addresses some other aspect of poor pw choices
What about the "Correct Horse Battery Staple" style of passwords as advocated for by xkcd? They used to be considered very strong, but seems not anymore. Can John tR crack them easily?
Two ways to secure something: Use a password you forgot that even john can't rip due to length, and be unsure of what version of software it even comes from and thus that much harder to identify the encryption method (truecrypt vs veracrypt, what version even available from however many years back you're going in trying to find a bitcoin wallet stored on a virtual drive... and the long shot, is there still a way to read the wallet even if that drive gets opened)
While not common, you can also change the instructions in assembly to effectively login with any password.
what's your feeling on passphrases.. eg a 60 odd character sentence, or the xkcd approach?
Does this mean that xkcd cartoon about password strength (936) is not entirely valid? Or is it just that passwords with many degrees of entropy are still easy for our friend John to rip if they contain dictionary words?
No the XKCD advice still stands. A four word phrase has approximately the same amount of entropy as an 11 character password made up of random typable ASCII characters, and is much easier to remember.
Even if you know 100% someone is using the four random word password scheme and use John the Ripper to target that scheme specifically (and I'm not sure if that's possible), the complexity is roughly the same as attacking an 11 character typable ASCII password of completely random characters
I think the xkcd cartoon misses a trick here because it assumes you are going to change 1 character at a time when you try to brute force a password, which would make a multiple word password secure.
However, to crack a password based on words, you only have to change 1 word at a time, and we don't commonly use that many words. The most infrequently used word in the xkcd example is staple, which is ranked at about 18000, so you would only need to try 10¹⁷ combinations to crack "correcthorsebatterystable". That is considerably less than the 2x12⁴⁴ that xkcd calculated, and is less secure than their 11 character random(ish) unsecure example.
Excellent video! Thanks Dave for the lesson!
For one project I was working on in early 2000's, the key was hashed to get another key. That was then hashed to get another key. The number of iterations was, by default, 1000, but configurable. That seemed to be a good idea, but now I'm not sure it helped. This was in an embedded device with a single admin login, so there was no "password file". It just artificially lengthened the amount of time it took to verify a password to about a second per attempt.
I am not understanding what you're saying about not using English words anywhere in the password. Does that mean that bananaUK^RFmx5q^R&54Q5f20TwjK winds up as more easily cracked than UK^RFmx5q^R&54Q5f20TwjK ? (the same random character combination in both cases, but one with banana in front of it). I don't know what's going on with the math such that I could believe that having a word found on dictionary lists makes it easier to get a piece of the password and then derive the whole thing or I could believe that adding an extra 6 characters for banana makes it more difficult to crack.
No. If the cracker knows you have used 4 common English words then there are perhaps 10000^4 possibilities, or 10^16. But if those were all 5 letter words, and your password was random letters instead, of the same length (20) that search space would be 26^20 which is about 10^28, way bigger. Harder to remember though.
Crackers oft n use dictionary attacks, so they are not looking for all random possibilities, just common English words or combinations of common English words.
Your instincts are correct. "banana" as a password sucks, but "Joystick Hydrogen Glance Ladylike Suction" is pretty decent. You can look up "Diceware" for an explanation. Consider 10 random characters chosen from the acceptable character set (26 lower case, 26 uppercase, numerals, and a few more permissible characters) vs. 5 random words from a list of over 7000 words. 70^10 vs 7000^5, the 5 random words have more entropy, even if the attacker has your wordlist. You example is a blending of the two, which arguably adds even more entropy.
I imagine if you had 6 purely random characters, plus two random words from the EFF long word list, you would have something harder to attack than the individual components would indicate.
There are some caveats, especially around true randomness in the selection, but you can Google "Diceware passwords" or "Correct Horse Battery Staple" for more discussion. In principle, you are looking at something more "human memorable" but involves more typing.
It is possible to search for random characters + dictionary word + random characters, where the dictionary word only adds the amount of entropy a dictionary word would. The random characters dominate the amount of entropy, while the dictionary word may give a mistaken impression that sandwiched between random characters it would add an amount of entropy equal to its length in random characters.
@@seriouscat2231 Thank you for explaining. I've started to switch to using a password manager for everything because I can't memorize a million UK^RFmx5q^R&54Q5f20TwjK style passwords. But then I need a master password that I CAN remember and I guess there's no making that easy on myself without compromising everything (by using some words in it).
@@seriouscat2231 Sure you *can* search for it, but I challenge you to find a good crack for "theANGRYlittleSPORTScaruNiXbEfOrElInuX(1982)ANENGINEERINGFAIRYTALEturbofandustersaregettingoutofhand"
Some recent commentary on this topic is that long, complex passwords will almost inevitably end up written on a post-it stuck to the bottom of the keyboard. Two or more actual words is lengthy and will resist a dictionary attack especially if separated by something.
Fantastic stuff as always, Dave. Thanks.
How secure is a random password generator on browser programs ?
How secure is it to keep a copy of the passwords in that browsers locked with a single access password 🔑?
Yes but...your sarcasm makes things different. Duh. Thanks for turning it in... Nice job Dave... Now we all are screwed again. Appreciate it.
Dave. Are you saying that all this 'use 3 words' we hear about is garbage?
Kind of, but with a caveat... You shouldn't PICK words to use in your password. It has to do with key space. Here is an example (this is a lot of text):
If you use characters from the English keyboard, there are something like 96 different options, meaning a key space of 96. If you use an 8 character password, that means there are 96^8 ~= 7.5e15 possible combinations, i.e. more letters means a larger exponent, which means more possibilities and more time to crack.
At 500 billion passwords per second, that means it will take around 4 hrs to get through every option.
If you actually choose random words from the full list of all the words in the English language, that's around 100,000 words (you can google to find the actual number). If you make sure to include special characters, numbers, and capital and lowercase letters, then the attacker has to try multiple combinations for every word. If that only increases it to 100 tries per word (though, hopefully you've increased it by more than that), now there are 10,000,000 possibilities. With three words like that, you have 10,000,000^3 which is 1e21 possibilities.
If you are trying to crack at, say, 500 billion passwords per second, that means it will take around 63 years to get through every option, which is pretty strong.
However, if you use 5 words, then we have 10,000,000^5 =1e35 combinations, meaning it would take 6.3e15 YEARS to get through that. That is very strong.
Now, the real problem is that most people pick words they know, that mean something to them. That means the key space is maybe only 10,000 words, and if you're not using other characters to make it stronger, it stays there. 10,000^3=1e12 combinations, which would take only around 33 minutes to crack. So, if you are picking three words... It's not very strong. But if you do it correctly, words can be very strong.
TL;DR: use a password manager and use long passwords.
@@roxas8999 Misspell one of the words
use a whole sentence
@@David_Crayfordthe problem with the sentence idea is that, while the length is good, the predictability makes them easier to crack. Every sentence that has been published, for all practical purposes, has already been catalogued (along with common substitutions & misspellings, spacings & alternative spacers, and various capitalisations); making them essentially no different to dictionary attacks of one or two words passwords.
The strength of the random word system is both its length, and the unpredictability of word order. You lose that advantage with sentences as passwords.
@@roxas8999 The vulnerability you describe is effective only if the hacker *knows* you have limited the keyspace.
Dave, probably one of your best videos. Can you tell me how I can score a job that pays enough for a $8k CPU and $14k worth of GPUs? 😊
Be an early enough employee where stock options are granted then hold onto the stock through a 300 fold increase in revenue?
Fortunately there are modern key derivation functions which resist both CPU and GPU based brute forcing really well, for example Argon2. The d and id versions of the family are especially good against GPUs. Then there are just generally very computationally intensive options, e.g. PBKDF2 for some hundreds of thousands of iterative rounds.
High quality , educational content. Thanks Dave.
P.s : you remind me of Dave from Plant Vs Zombies.
Great video, Dave!
Excellent video, Dave!
I've always been curious how much strict rules designed to enforce password complexity, actually weaken the system as a whole to attack. It's obviously a trade off vs allowing users to enter weak passwords, but if you're brute forcing, how much of an advantage do you gain by knowing that say the password must be 8 - 12 characters long, and contain at least one capital letter, one number, and one special character?
You could work it out but my suspicion is: not much.
If you know this, then you need not test the 1 through 7 character passwords and that saves you an hour on the crunching.
I’ve seen pass phrases being recommended over a mixture of letters and symbols as it’s easier to remember and more difficult to crack due to increased entropy. I use a password manager and for the master password I use a pass phrase with a separator. After watching this video, I can’t help but wonder what one would use as a master password other than words in some shape or form. A physical key is not always an option and since this is the master password used to unlock the password manager, it would need to be something that can be remembered?
Hey Dave! I was wondering if you could explain this to me, as it has happened with websites like Discover and a couple others.
I used to use a password manager to generate all my passwords (still do, but with exceptions), and it used to be super random and involve random special characters. When i reset my password with my Discover account, it accepts the new password. When i try to log on, it says I've the wrong password. After many trial and errors, i came to the conclusion that, even though it accepted the password, one of the special characters must have not had a hash equivalent identifier, but the system didn't flag it as a problem.
Have you experienced anything like this? Do you have a different explanation for this?
Check that your password isn't longer than the maximum allowed on the website. It may have truncated the password before storing it without telling you.
Some characters are treated special by the operating system and might confuse the login process. Some processes don't like a leading special character. Apostrophes ought to be avoided, likewise asterisks and semicolons.
Hi Dave. You demonstrated cracking a zip file with a short password. That is scary. What if I use 7-Zip with AES256 encryption and a 127 character random unicode password? Is that crackable?
Cool video. Made me want to change all my passwords 😂 Question is, why so many security training around the internet and even corporations says we should add special characters and numbers to a password, if it is so much easier to crack by brute force?
Also, can you show how can I get these cool effects on MacOS terminal? Maybe you could share your template?
"why so many security training around the internet and even corporations says we should add special characters and numbers to a password, if it is so much easier to crack by brute force?"
It is easier to crack by brute force when it includes a word which can be found in a dictionary, or a variation on such a word (ie, replacing i by 1 and such), or a dictionary word with some obvious 'special characters' (there really only are a few special characters people tend to use: !@#$%^&*() mostly (and look at your keyboard to see why).
If your password doesn't appear in a dictionary, adding some special characters does help, or better said, when every position in your password can be a letter, number or special character, instead of just a letter, you get more keyspace, and make it harder, provided you absolutely avoid dictionary words.