Can you decrypt a hashed password? #shorts #encryption #hashing #password

Do you agree with me? Hopefully this answers questions about Hashcat and other stuff mentioned in the comments :)

davidbombal

I think a lot of people confuse hashing and encryption

JimmyS

If it was possible to get the original data, hash would be the best file compressor of all times 😅

craniusfawkes

I think you should also mention that if the hashes matches it doesnt mean that you got the original input. Hash collisions are inevitable if you allow hashing of bigger data than the size of the hash. (pigeon hole principle)

Forficulas

For added hash security, you could salt the hash. Unsalted hashes has rainbow tables available which lets you query a hash (in etc an SQL table) to obtain first available password for that hash.
Salting a hash means you append etc the account id or registration date to the password before hashing it, making it much more resistant to rainbow tables.

MrBrannfjell

Good explanation. Thank you! This is also the reason why the EU Privacy Policy doesnt allow web services to store passwords anymore, but their hashes.

McLOVIN-vftp

Very well explained. The only caveat not mentioned is that just because the hashes are the same, doesn't neccesarily mean that the input data is the same, as multiple pieces of data may share the same hash (these are called collisions) but, its incredibly unlikely, especially from the context of brute forcing.

Edit: Wow, this blew up! Lots of good discussion and points below too!

andystovell

In short, you can't reverse it, but you can check that it hasn't changed. You "can" however use a Rainbow Table and check hashes with your own hashes to "reverse" it and get the data. But that would mean that you ALREADY have it, hence there being NO WAY to reverse it and why it's a one way function.

Quantum_

Good explanation!
However, an important point was left out: two different input values ​​can produce the same hash.

This means that the password may be found, or a random value that results in the same hash.

romi

People really think they discovered the cheat code to storage space.

Webberjo

It is also worth noting that it is possible to get the same hash with 2 different inputs; Getting the same hash doesn't always mean you have the same original data

aPEDESTRIAN

People are still confusing Hashing with Encryption. Hashing for data integrity and Encryption for data confidentiality, keep that in mind.

Reacher

Your explanation was very clear the first time. They didn't just understand.

hotdailymemes

The issue is when passwords have been leaked so more common phrases and their hashes are already on a list which can make it easier for hackers to get into an account.
This is also why the salt and pepper concept exists where you add another random string to the password that gets stored separately but always stays the same to make the hash unrecognisable. Pepper is just adding another random character each time which means it tries 30-ish combinations on every login to further jumble the hash.

maxmustsleep

I kept asking myself about this and you just come outta nowhere solve my question :D

_tr

That was a fantastic explanation. Hashing is a deterministic one way function. So if you have the same output than you can say you have the same input, that doesn't mean you can reverse the output.

stt.

It's like cooking. You cannot reverse the process to know the ingredients but you can guess and guess until you get the correct recipe.

pijesz

This clip was very informative and easy to understand. Well done and thank you!

epgendreau

I’ve been a malware analyst and cybersecurity manager since 2009… Hashing is a one way function. The people arguing clearly know absolutely nothing about the subject.

stevem

😂 David, you are the man! Some people watch a couple YouTube videos on "hacking" and all of a sudden, they're pros lol. Take the time and research anything and everything you can, just like David. Keep it up man, love your videos

cdlowe