  • And then Sam and Frodo lived happily ever after

  • The end. BOOM! My novel is complete.

  • Hi there. Good to see you. My name is Jake Roper and now you might be asking yourself

  • Jacob, why is half of your hair buzzed? Well that's a great question.

  • It's not just because I really like the character Roger from the show, Doug

  • or Skrillex or any kind of combination of the two.

  • It's because I'm working on a very secret project

  • that looks like this. It's gonna be amazing. I'm very excited for it but again it is a secret. You know what else is a secret?

  • Passwords. And that's what this DONG is all about. Passwords. How secure is your password?

  • Could you make it better? Maybe?

  • Probably. Let's find out with some DONGs, things that you can do online now guuuuys. Time that one out, Hannah.

  • First things first, let's test how secure your password is.

  • We'll go to howsecureismypassword.net and

  • we featured this on a DONG before but it is very useful in this situation.

  • Let's try the password, michaelstevens.

  • Oh look at that! It's gonna take about 51 years for a computer to crack but look what happens

  • if we add a 2.

  • Now it has gone up from 51 years to 175 thousand years.

  • And sure Michael Stevens2 is not too difficult to remember but many internet users have

  • more than one account and some even have close to 100. I mean I have a different password for every account that I have so it kinda gets a little bit difficult.

  • But if you want to make strong passwords that are different for every account like moi it can be

  • hard to keep them all together.

  • That's where a service like LastPass comes in which I personally use and I've been using for years and they were also nice enough to sponsor this episode

  • and support Vsauce and the DONG.

  • Now LastPass is great because you don't have to memorize all your passwords.

  • It stores all of them which is convenient but it also can autofill for you because I always do the thing where I type in a password

  • and it's not the right one and I keep typing it in until I get locked out of my account. This autofills it because there are plugins for your browser

  • and there's also an app for your phone which is very nice.

  • Also it can generate random passwords for you which turn out to just be like a long string of numbers and letters

  • which is good for security. And you can try LastPass for free for as long as you want. No credit card required.

  • Link at the top of the description which is very nice.

  • Now. Passwords. How secure are they really?

  • Because in 2014 it was estimated that 47% of adults in the US had some personal information stolen.

  • Now to find out we can use this hash generator.

  • Hash values are generated by a one-way function so you can get the hash value if you have

  • the password but not the password with just the hash value.

  • A variety of these hash-generating algorithms exist

  • But Computerphile has a great video that breaks down how SHA-1, a hash function, works.

  • It has recently been replaced by more secure algorithms but it was widely used for many

  • years.

  • These irreversible functions don't mean a weak password will protect you from theft

  • or fraud though and I'll explain why in a little bit.

  • For now let's check the strength of yours.

  • So let's type Michaelstevens into the hash generator.

  • and this one uses SHA-1 but there are others as well.

  • Ok so typed in michaelstevens.

  • Here's our hash value. So let's just copy that.

  • Now we can go to CrackStation and see if it can figure out what our password was from

  • the hash we copied in.

  • Figured it out almost immediately.

  • And that's not a huge surprise because CrackStation draws from a 15-billion entry lookup table.

  • Now add 1.5 billion entries for the remaining algorithms.

  • A lookup table is a storage format that lists passwords next to their corresponding hash

  • values.

  • It sounds tedious to create but when you realize that CrackStation can decrypt 20 passwords

  • at once in a matter of seconds it becomes easier to wrap your head around.

  • And this brings me back to my point about the necessity of a strong password despite

  • complex hashing algorithms.

  • If you use a common one like password you can be pretty sure that somewhere within

  • those 16.5 billion entries exists a hash value for password.

  • So what if we now hash michaelstevens2?

  • Adding a number helps because it is a very easy form of Salting.

  • It adds a random string of characters, the salt, to the beginning or end of a password

  • before it's hashed.

  • It makes a password easier to crack because you can't use a lookup table since it's

  • impossible to predict what the salt is.

  • And if you were hoping for a generator to create a salted password well

  • we've got you covered

  • with Salt the Pass.

  • So let's try one of those easily hackable passwords we used earlier, like password. Great. Now let's copy it and put it into CrackStation.

  • So I know what you're thinking, Jake, $$$michaelstevensfan345#2508 is too hard to remember.

  • How do I stay safe from ill-intentioned people trying to steal all my stuff?

  • Easy my friend, with pass phrases, a random collection of words like zebra dance onion parachute.

  • But what if that isn't random?

  • I mean for me it probably is because I've never been with all four of those things at the same time

  • but what if I had?

  • What if a hacker knows I love all of those things and can guess it?

  • That's where Diceware passphrase comes in.

  • This method makes sure the words you choose are 100% random.

  • Each word in the given list corresponds with 5 numbers.

  • Roll a die five times, write down the digits, and select your first word.

  • Now keep doing this until you get however many words you want.

  • If that rolling seems a little too tedious for you then good news there's this dice simulator right here that lets you

  • click a button for 5 rolls simultaneously.

  • Please comment your 3 word passphrase below and also whatever salt you added to it.

  • Now good luck finding it in a lookup table which by the way, may be an efficient strategy

  • for nefarious people, but the drawback is that it takes up a lot of storage.

  • For the low-storage hacking solution there's the brute-force method.

  • You've probably heard of this technique before. It's essentially just trial and error.

  • The hacker guesses different combinations of passwords until they get the correct one.

  • And there are programs to make it go faster, like John the Ripper, but brute force is one of

  • the slowest, most tedious methods.

  • So we can actually check this out. If we go to betterbuys.com you'll see how quickly your password would be figured

  • out using brute force.

  • It's really cool to see how just by adding a few numbers you can increase the time it

  • takes to hack by a matter of years or millennia or even infinity.

  • You can also see how it would differ depending on the year and computer processing power.

  • We're gonna set it to 2018 and

  • it would take 135 millennia.

  • Okay now if we make it password was it would take .2 milliseconds.

  • But if this was the year 1982, it would take 39 jiffies.

  • Which is fantastic because I love the word jiffy.

  • A jiffy is an unspecified short period of time.

  • So when people tell you they'll be back in a jiffy and they don't come back for

  • years you can call them a liar.

  • Still waiting for you to come back Michael Stevens. Said you were going to the grocery store and you never came back.

  • Just left mom and I alone.

  • Anyway, as technology evolves and hackers become more proficient, cracking passwords

  • becomes faster and faster.

  • The point of all of this let me close this we're gonna get a little one on one time.

  • Point of this isn't to scare you really. One I think it's just kind of cool to see how secure your password is.

  • And just play around with it.

  • The other is that security is important on the internet.

  • I get an email pretty much every day from one of my accounts saying that

  • someone's tried to reset my password. So that's why I think this is very valuable

  • to investigate. Ya know?

  • Do it with your friends. Check some passwords.

  • That's what I do on a nice Friday night. Check for passwords. Wait for dad

  • to come home and yes. So there's links to the DONGs down in the description

  • If you wanna check out LastPass which I would highly recommend. I really really like their software.

  • There's a link down there at the top of the description and

  • what was that? Yeah. As always

  • dad come home.

  • Thanks for watching.

How Secure Is Your Password?

Posted by 林宜悉 on January 14, 2021