Is it possible to hack any password? | Real Bruteforce Experiment
Ғылым және технология
👾 Follow this link to know more protect yourself from fraudsters: sumsub.com/liveness/
In this experimental video, we’ll explore the possibility of hacking any password using bruteforce. You're gonna see a step-by-step breakdown of the process. We showcase the tools and techniques commonly used by hackers in order to show the vulnerabilities in password security.
You will find out about practical tips on creating strong, unique passwords and explore additional measures like two-factor authentication.
Don't miss out! Watch now and elevate your knowledge of password security.
#bruteforce #bruteforcing #hacking #sumsub #wifi
00:00 Time to hack a password
02:45 What is offline bruteforcing?
03:52 How can you be hacked?
04:42 What is a Hash?
06:24 Bruteforcing process
13:17 Verification Tool
14:02 Tips from Bruteforcing
16:32 The End
Sumsub - empowering compliance and anti-fraud teams to fight money laundering, terrorist financing, and online fraud.
More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Пікірлер: 107
Have you ever encountered password theft and what were the consequences? Tell the most interesting stories under this comment ;)
@bharathpofficial3719
5 ай бұрын
Why aren't you using Arch Linux ? why Parrot or Kali ? is this because of Reachability ? edit: Basically why Debian ? [Don't just say, Why not ?]
@JoZaHandle
5 ай бұрын
Can you do one on sim swapping?
@MStrong95
5 ай бұрын
Insert the web comic about password cracking from XKCD and how something like a cheap tool from the hardware store might in some cases be enough "motivation" to get someone to tell you their password. I'm not trying to approve of using violence or doing anything criminal but more just the theory that there's sometimes more than one kind of brute force attack
@cv507
5 ай бұрын
what about those röböttic? ´mözaic puzzles v??v after almost have a zentüree äfter bläde runäir you tell us you ´make ´securitti with phasyce ? ´är you outta yer eFFin mäinZ ^?^
@xila8861
4 ай бұрын
May you explain how people use bruteforce on emails and other accounts when it should lock the account after few tries ?
love the way how you organise and show things in videos , excellent
kali has most of the tools youre using..... hash identifiers, hydra , john, mimikatz etc::::::: i think being security concious is the first step in staying safe while using computers
Amazing vid! Was not aware of how bad is my cyber security xD
Never had issues with Bruteforce on my (own) Servers/Services. Just lock Accounts (or/and IP) Policy after 5 unsuccessfully attems. If you "allow" Brute Force.. its up to you.
Ur videos are the real valueable video ❤️
I saw the pwnagotchi video and was like "damn, instant sub"
This video was helpful, at least now I can crack my own passwords if I forget them... And if I can't, that means that I've chosen really good passwords...
If you had a dataset of all the hashes of the password combinations you just described people using, would it not be faster to check a hash against this dataset than it is to re-hash every combination? If you had a 10TB storage unit, you could store about 4 billion hashes. You said that a graphics card could do about a million hashes a second, so 4 billion hashes would take about an hour on average to produce. If it takes 6 hours to go through all those common combinations, you'd just need 60TB of storage to have all of those combinations on hand. They would have to have an index to attach them to whatever password generates that hash in a different database. For 24 billion hashes (if that is our number) that would require an 11-bit or 2-byte index for each hash, which only increases the storage requirement by less than a terabyte. If your storage had a throughput of 3500 MB/s, then it would take you about 4.8 hours at most to find the correct hash, which is only 20% faster. Let's say you had the dataset of hashes divided among 10 computers, though, and you fed each of them the target hash. It would take less than half an hour to do the same work. If you had 100 computers, it would take less than 3 minutes. If you had a thousand computers, it would only take seconds. You could optimize the comparison with sorting algorithms as well. Only search the region of the dataset which matches the first byte of the hash and that'd speed it up by a factor of 256, which split among multiple computers could bring your time to crack down to milliseconds. Your server receives a hash, sends that hash to a farm that compares it to an optimized dataset of all common passwords, and returns the password near instantly.
@LifeExperimentalist
4 ай бұрын
Bro calm down
@Avighna
4 ай бұрын
I was thinking something like this too, really the only explanation as to why this isn't being done is that it requires too much storage / maybe too much infrastructure
@mthia
3 ай бұрын
@@Avighna the main reason is that salt and pepper exist in hashing
@LeoNux-um7tg
14 күн бұрын
if you're able to make those processors of separate computers work in parallel, it will be possible, but bruteforce isn't just word by word but combinations of previous symbols, letters and numbers. If you also meant to make the computers communicate through wireless or wired you're bound to the speed of that medium you are using, which is not noticeable until you make all those thousand of computers communicate on the same medium. This might work with the help of accelerators and make a program than utilize a simultaneous and heterogeneous computing.
@jaxjax2011
14 күн бұрын
@@mthia This makes sense. Salt changes the whole hash including the first characters afaik.
Luckily I changed my password after your short to the one you use in the video. Because It's super secure.
What programming language will need to learn to do for security in data center? I’m interested in Kotlin, will it help?
Video quality and editing is amazing
@Sumsubcom
5 ай бұрын
Thank you so much 😁
Great vid. Best Ive seen to explain this to non-techies. What isnt addressed 1. The computational complexity of muliple words in sequence (obfuscated with special chars) - a method many people (even geeks) use to remember the very few that must be remembered (hopefully one), 2. Combination of any method with bio-measurement (eg facial recognition, fingerprint recognition, iris recognition). How vulnerable is this if hashing is local to the device, 3. Apple’s new passkeys (sounds awfully like ssh to me).
@Sumsubcom
18 күн бұрын
Great points! Happy to have you with us
Sir, You cover the topics very well ❤ I have come to understand When will the next video come sir?❤ Il
@Sumsubcom
5 ай бұрын
In a coupe of weeks! Thank you so much :)
What is the distro you used? I wanted to download it please 🌹
Love your videos ❤️
@Sumsubcom
5 ай бұрын
Thanks!
u got new subs! 😍
This video isn't going to age well. Check back here in 10 years when a 128 year password using 1000 GPUs can be cracked in 10 days by a simple laptop.
@wiezumteufel9024
5 ай бұрын
Until then we have geometric encryption as a standard. The Signal messenger already uses it so quantum computers cant crack their asymmetric encryption (which is even weaker than the symmetric encryption that is used in hard drives or password managers)
@Mango0fDoom
5 ай бұрын
You are not going to have hardware speed up by a factor of about 3 million in 10 years. Assuming Moore's law doubling every 2 years, you are off by a factor of 100,000. Impressive.
What operation system are you using?
Your videos made me a lot more privacy conscious 😅 thanks brother love from india 🇮🇳
@Sumsubcom
5 ай бұрын
My pleasure 😊
What os are you using?
Which os your use ?
Great video! ♥
@Sumsubcom
3 ай бұрын
Thank you!
You can't go wrong with _Password1_
The big disadvantage of two-factor identification is that you need an internet connection, which wouldn't work with an air gap system
@wiezumteufel9024
5 ай бұрын
What about a hardware based 2FA like a digital security key?
@JD2Q2Q
5 ай бұрын
@@wiezumteufel9024you mean like a token based login?
@basspuppy133
5 ай бұрын
Hardware keys mate
So you are telling me my 60 character random password is not going to get cracked so easily. I would have gone for a longer but the service had a character limit. Also since i didn't use a password generator or manager i store it in my primarily 256 bit encrypted server which could be a point of vulnerability, but if the hacker did so much work i would just give up.
Technology will be better in future....for now brute force aint well...but with future tech and ai help... there'll be next level tech for cracking passwords
Good luck with my 300bit entropy passwords.
I miss the old days f modern warfare 2 when it was just the boys and a a Xbox 360👾
Hi guys ,great channel, is it possible to recover wedding photos from a SD card, that has not been overwrite on.? Anyone can reply, thanks for any imput, just says , no history, SD card was put in then took out then put back in.
please make a video of college server hacking🤔
@trueemperor3647
5 ай бұрын
U will be in jail cuz that's LinkedIn with college fees
@fortunegaming4844
5 ай бұрын
Bro woke up and straight away choose violence 😂
@saphalpokhrel8982
5 ай бұрын
Relatable😂
@amalsuresh1203
5 ай бұрын
Even I have been also pondering about this for a long time ... 😂
@MohemedBilal-ub8kg
4 ай бұрын
Yah iam trying these
how can you do 2fa on offline devices? e.g. your hard disk
@xTerminatorAndy
5 ай бұрын
@@carloareaserhow exactly do you add 2 factor on a hard disk? What I mean is protecting against the hard disk being taken out of your computer and attached to another. There is no 2fa for that
No mention of quantum computers in the video, quantum computers would shorten those years to hours and days. Luckily there's no quantum computer yet
@jakubp123
5 ай бұрын
There already are, but they have too few qubits, aka they are not powerful enough yet
@wiezumteufel9024
5 ай бұрын
Quantum computers are mostly a concern for asymmetric encryption (messenger apps) not necessarily that much for symmetric encryption (PW managers, hard drives). And there are also new encryption methods approved by NIST that withstand quantum computers (e.g. geometric encryption)
ty tip
is Proton Pass is Good for storing crypto wallet keys ???
@fickthissut
5 ай бұрын
It's as good as Proton security. I'd recommend Keepass (offline password manager).
@njpme
5 ай бұрын
Better create an encrypted vault then store it offline on multiple devices
This video makes me want to make an enterprise honeypot
Brute force is used to break phones all the time. Usually takes 3 days for a basic 4 digit. A few weeks for 6 digit
@neb_setabed
5 ай бұрын
How do you deal with the phones auto wait period after x amount of failed tries
@username65585
5 ай бұрын
@@neb_setabed Hackers find security bugs that allow that to be bypassed. Apple tries to find and fix these bugs. Then hackers try to find new bugs. It is a constant back and forth
@wiezumteufel9024
5 ай бұрын
@@neb_setabedthey circumvent it. Thats the reason why grapheneOS (most secure open source mobile operating system) is only put on Google Pixel devices. They have a special chip inside (Titan M2) that blocks multiple attempts and basically makes the phone unreadable if someone tries to remove it
@SaintIC
4 ай бұрын
@@neb_setabedthere’s ways too disable them or actually turn them to an extremely high value
I have a Flipper Zero device. Amongst the many things it can do is there are brute force garage door attacks. If I know what make of garage door you have, I can load the brute force attacker & sit there as it runs through all of the possible combinations for the garage door remote until your garage door opens door me. Once I know where it opened your door I can program the device for that number & stop by & open your garage door any time I wish.
Can you explain what is 'cicada 3301' And what if, if someone solve this puzzle then what he achievements
@kingvergaz
5 ай бұрын
Check their old videos they talked about it.
@basspuppy133
5 ай бұрын
They already talked about it and there's 50x other videos about the topic. It's already been done to death. There's more interesting things to talk about.
BRO, Please make your command prompts extend a few more keyframes on completion. damn, you say pause, but it’s next to impossible to screen shot them when you have some crazy transition play before I can screenshot the full output. thx bruh! love the video!!
Which linux is he using? Looks similar to blackarch but im not sure. if anyone knows pls comment
@cluodalex2794
5 ай бұрын
Ubuntu maybe
@tombrandis2866
5 ай бұрын
I don't think you can tell with linux as its quite customisable- if you want it to look like that you can probably use any distro you want
Why are there 1.8M like son 5k views?
Any password can be cracked with a wrench attack.
@electrowizard2658
5 ай бұрын
hahahah
We do bruteforce in Android password but only 3-5 try after it's lock for 30 min how to bypass and try unlimited trys
I crimged pretty hard when you said authentifucation 😂 It's *authentication* - no "if" in there. And offline attacks against whole-disk encryption are a lot harder if the encryption key is in the computer's Trusted Platform Module rather than on-disk. Having it on-disk is like hiding your front door key under the door mat.
15627
Take a long phrase from the Bible and select an obscure language. This may be one of the hardest passwords to brute force.
but in the end, the password “1111” is still the most secure, because Bruteforce does not check this combination
@Zac_Cole
Ай бұрын
What do you mean
@BSX_VR
6 күн бұрын
😐
Let's put 10 ads in a 16 min video what a classic.. you clowns
@ImARealHumanPerson
5 ай бұрын
It's December. The payouts are 🤌 You'll see a lot of ads this month.
@bharathpofficial3719
5 ай бұрын
what bro is using chrome with "Add extra ads" extension ?
@vinnypistone.
5 ай бұрын
Bro I'm just using the youtube app? Wtf is chrome ?
@bharathpofficial3719
5 ай бұрын
@@vinnypistone. now see who is clown!!
@ImARealHumanPerson
5 ай бұрын
@@vinnypistone.Use Revanced