Passwords & hash functions (Simply Explained)
Simply Explained
7 min, 28 sec
The video explains different methods of password protection and the effectiveness of each, including hashing with salt and slowed-down hash functions.
Summary
- The video begins by discussing a website that checks for compromised online accounts and questions the security of passwords.
- It explains three methods of password storage: plain text, encryption, and hash functions.
- The downsides of plain text and encryption are discussed, with emphasis on the superiority of hash functions.
- Hashing with a salt and intentionally slow hash functions are explained as ways to thwart brute-force attacks.
- Dropbox's multi-layer protection method is used as an example of robust password security.
Chapter 1
![The video introduces the concept of password security and the problem of compromised accounts.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjg0LCJwdXIiOiJibG9iX2lkIn19--05a4181dc0e6dd3bc3cfb0a741ee6e83301fd17c/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_9.jpg)
The video introduces the concept of password security and the problem of compromised accounts.
- The video discusses a website that informs users if their accounts have been compromised.
- It questions whether hackers really know the users' passwords after a breach.
Chapter 2
![Explains three methods of storing passwords and their risks.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjg2LCJwdXIiOiJibG9iX2lkIn19--3b066aa0352dcff5e3e4b36acb11684c22cd5427/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_75.jpg)
Explains three methods of storing passwords and their risks.
- Describes plain text storage as dangerous due to vulnerability in case of a data breach.
- Encryption is discussed as an alternative, but it's still risky if the encryption key is also stolen.
- Hash functions are introduced as a one-way, more secure method.
Chapter 3
![Delves into hash functions and their one-way property for secure password storage.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjg4LCJwdXIiOiJibG9iX2lkIn19--f9bcb5f9efc8bbc807964a5eab8b803027b7d15d/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_146.jpg)
Delves into hash functions and their one-way property for secure password storage.
- Explains that hash functions convert data into a fixed-length string, providing an example with 'Hello World!'.
- Emphasizes the one-way nature of hash functions, preventing the original data from being retrieved from the hash.
Chapter 4
![Discusses the vulnerabilities of hash functions, including speed and identical hashes for common passwords.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjg5LCJwdXIiOiJibG9iX2lkIn19--13e4c728bde004571a985df24400e059bd52cbd2/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_203.jpg)
Discusses the vulnerabilities of hash functions, including speed and identical hashes for common passwords.
- Addresses the susceptibility of fast hash functions to brute-force attacks.
- Illustrates the problem of identical hashes for common passwords like 'qwerty'.
Chapter 5
Chapter 6
![Details slowed-down hash functions such as bcrypt, scrypt, and argon2 to counter brute force attacks.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjk1LCJwdXIiOiJibG9iX2lkIn19--fac9e3804b71435764f5b750dc69b2e2ddfbda90/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_320.jpg)
Details slowed-down hash functions such as bcrypt, scrypt, and Argon2 to counter brute-force attacks.
- Discusses special hash functions that are intentionally slow to prevent brute-force attacks.
- The 'cost' parameter is explained as a means to control the speed of the hashing algorithm.
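The two weaknesses from Chapter 4 and the salt and cost fixes summarized above, as an added example that is not taken from the video: unsalted SHA-256 gives every 'qwerty' user the same hash, while salted scrypt does not, and the stored cost lets old records be upgraded. The user names, the `scrypt$cost$salt$hash` record format and the cost values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

MAXMEM = 64 * 1024 * 1024  # memory ceiling passed to scrypt in this example

def fast_unsalted(password):
    """Plain SHA-256: fast to compute, same input always gives same output."""
    return hashlib.sha256(password.encode()).hexdigest()

def shared_hashes(table):
    """Audit helper: groups of users whose stored values are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def _scrypt(password, salt, cost_log2):
    # N = 2**cost_log2 is the cost: each +1 doubles the time and memory needed.
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** cost_log2,
                          r=8, p=1, maxmem=MAXMEM, dklen=32)

def slow_salted(password, cost_log2=14):
    """Hash with a fresh random salt; store cost and salt beside the hash."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, cost_log2)
    return f"scrypt${cost_log2}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Recompute with the stored salt and cost, compare in constant time."""
    scheme, cost, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = _scrypt(password, bytes.fromhex(salt_hex), int(cost))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def needs_rehash(record, target_cost_log2=14):
    """True when a record was stored with a lower cost than today's target."""
    return int(record.split("$")[1]) < target_cost_log2

# Constructed sample accounts; two of them share the common password.
USERS = {"alice": "qwerty", "bob": "qwerty", "carol": "correct horse"}

if __name__ == "__main__":
    unsalted = {u: fast_unsalted(p) for u, p in USERS.items()}
    salted = {u: slow_salted(p) for u, p in USERS.items()}
    print("unsalted groups:", shared_hashes(unsalted))
    print("salted groups:  ", shared_hashes(salted))
    print("alice login ok: ", verify("qwerty", salted["alice"]))
```

`needs_rehash` is meant to be called after a successful `verify`, when the plaintext is briefly available and the record can be rewritten at the higher cost.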
Chapter 7
![Discusses the multi-layer approach to password protection using Dropbox as an example.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjk3LCJwdXIiOiJibG9iX2lkIn19--08adc73ade76fa0aff8f38175bf7e36f472f8f09/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_374.jpg)
Discusses the multi-layer approach to password protection using Dropbox as an example.
- Explains Dropbox's method of using simple hash functions followed by bcrypt and AES encryption.
- Highlights the importance of multi-layer protection to significantly increase the difficulty of cracking passwords.
Chapter 8
![Concludes by emphasizing immediate password changes after breaches and the effectiveness of cryptographic security measures.](https://www.videogist.co/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTQ1Mjk5LCJwdXIiOiJibG9iX2lkIn19--8acb19035d01787d491446ef8ba95ec77a83e76f/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOls3MjAsbnVsbF19LCJwdXIiOiJ2YXJpYXRpb24ifX0=--c9426325207613fdd890ee7713353fad711030c7/8503_417.jpg)
Concludes by emphasizing immediate password changes after breaches and the effectiveness of cryptographic security measures.
- Urges changing passwords immediately after a breach, highlighting that hackers may not have actual passwords due to hash functions.
- Encourages understanding the role of cryptography in protecting passwords.