
Password Encryption

Hi,

So if I'm the admin of a gigantic social network, and I have a billion users, people will try to take me down. So my system works like this: it gets the password encrypted, it chops it in random places, it throws it in with other stuff and it mixes it, and other techniques etc.

So now, I want to know what the user's password is. How would I know it if it's so deeply encrypted, even though I'm the owner of it? And people will always try to hack it.

3 Answers

Hi,

You never need to know the user's password, you only need to know if the user has entered the correct password. Normally you would feed both the password and a unique per-user seed into your encryption algorithm and store the encrypted result along with the seed you used.

When a user tries to log in you run the entered password through your encryption along with the user's seed; if the results match what you have stored then you can let them in.

Mark.

Oh yes, but I mean, like, I want to see what his password is, just curious what people write :D Well, I believe it doesn't matter as much as I could access their accounts anyway xd, just a curiosity.

The general rule for encrypting passwords is that you never want to unencrypt / reverse them. You will always be taking input from the user, encrypting it in the same one-way manner you encrypted it when you stored it in the database, and then comparing the results. That way, if someone gains access to your database, at least the passwords will be safe (other personally identifiable information may be compromised, however). The goal is to never know the user's password.

Well, that sounds like no password is ever known to anyone apart from the user. But though, while the company has the algorithm, the encryption, they can still know the letters typed, right? As I look on the internet, there are several popular passwords and I believe they are unencrypted for the survey or something, or maybe if I think of it a different way, they might just record all passwords and if somebody types the same, +1, I believe maybe. I do sometimes see, when I was young, that there was an error saying the password is too popular while signing into a game around 6 years ago.

So if we take Facebook, people can have very random passwords, so even the owner of it won't know what they typed, right? As well as other information like credit cards, encrypted? etc.

Are there any ways to break the password encryption? It sounds pretty tough to do anything with it, or maybe I believe you have to hack into the server or whatever and see the algorithm and then you can break it maybe? :p Sounds kind of easy (the encryption) but I'm sure it's complicated. While we write md5, somebody has written the code for it as well as for others, but then these algorithms seem unbreakable.

While learning PHP, there's so much about the "Preventing of Hackers"; it would be much simpler without it :p Then I believe, I think a site gets 4 attacks per month, the better ones, I read somewhere I think. I believe Treehouse has several attacks maybe.

A few points:

Many encryption algorithms can be cracked with enough time and processing power; however, the good algorithms would need such vast amounts of time and processing power that it is just not feasible to do so.

Most password hacks are done using dictionary attacks by trying the most commonly used passwords, but the hacker would need to get hold of the stored database of encrypted passwords to do this.

A website could tell you your password is too popular without knowing it if they use encryption but do not use a seed.

md5 is a hashing algorithm; it is one-way and cannot be reversed to get the original value.

Mark.

Somebody could've created a dictionary of md5 since it's always the same :p

Though, the dictionary and the random characters would take years, as I heard, I believe, for the person who would mostly like to crack :p I mean, when somebody hacks into your service, what are they doing? Are they in as you, as admin, and can do whatever they want? So when they see the encryption, they can't say what it is, right?

You would need a dictionary of plain text passwords; a dictionary of just md5 hashes would only allow you to determine if a password matches one in your list. You still would not know the password, unless you created your md5 dictionary from a plain text list of course...

Anyone gaining any sort of access to your site, network, server etc. could gain any level of access depending on the exploit they have used. You have to assume the worst case; that's why you hold encrypted versions of your users' passwords.

If we look at this, it unencrypts the md5, so I think the md5 is... that's why I think it's useless, though it might be somehow good.

The site isn't decrypting the md5; it's doing a lookup on a database of known md5 hashes along with the text that created them. md5 is not considered to be a sufficiently secure method nowadays, as these types of dictionary lookups are possible with today's hardware.

Solutions to make passwords more secure would be to use a better algorithm multiple times over, say thousands of times, or to use a memory-hard algorithm. See this video: https://www.youtube.com/watch?v=gICktQu1ySU
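As an added example (not code from this thread or from Treehouse), here is Mark's store-then-compare scheme from his first answer placed next to the md5 lookup he describes here, in Python: an unsalted md5 of a popular password is found instantly in a constructed lookup table, while a salted, iterated hash (PBKDF2 is assumed as the "better algorithm run thousands of times") gives every user a different record that can only be checked by re-running the derivation. The table contents and the iteration count are constructed values.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the online md5 lookup sites the thread mentions:
# md5 of a few common plaintext passwords, keyed by hash.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
MD5_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 100_000  # assumed work factor: "run the algorithm thousands of times"


def md5_lookup(stored_md5_hex):
    """Recover an unsalted md5 the way the lookup site does: by table, not by decryption."""
    return MD5_TABLE.get(stored_md5_hex)


def store_password(password, salt=None):
    """Return (salt, derived_key) for the database; the plaintext is never kept."""
    if salt is None:
        salt = os.urandom(16)  # the unique per-user seed from Mark's answer
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(entered, salt, stored_dk):
    """Re-run the same one-way derivation with the stored seed and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_dk)


def demo():
    # Unsalted md5 of a popular password: the table "recovers" it instantly.
    unsalted = hashlib.md5(b"password").hexdigest()
    recovered = md5_lookup(unsalted)

    # Same popular password, salted and stretched: two users with the same
    # password get different records, so no precomputed table can cover both.
    salt_a, dk_a = store_password("password")
    salt_b, dk_b = store_password("password")
    return {
        "md5_recovered": recovered,
        "salted_records_differ": dk_a != dk_b,
        "login_ok": verify_password("password", salt_a, dk_a),
        "login_wrong": verify_password("Password", salt_a, dk_a),
    }


if __name__ == "__main__":
    print(demo())
```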

Yes, but see, that's the problem with the md5, it has a dictionary already :p

And wow, seriously, why do people hack? I mean criminals with these types of computers? Like, eh, what about the individual hackers that broke into NASA? Or someone, what are they? What do they do? Do they just write much, much better code than all the people at NASA and the security guys? And how do they manage to track him down with a satellite? Like, can't the hacker block the signal or something so it's not able to track him down?

That's interesting, I'm going to watch more of these kinds of videos.