Cracking passwords using ONLY response times | Secure Python

Опубликовано: 30 Сентябрь 2024
на канале: mCoding

176,366

9.4k

Security in programming is difficult to achieve.
Try Anvil: https://anvil.works/mcoding

In this video, we take a look at a class of attacks called "Timing Attacks" that use the amount of time that it takes a server to respond in order to gather secret information from the server. Not all servers are susceptible (common popular ones are not when properly configured), but if you don't know about timing attacks, one you write might be! Any secure Python code must be resistant to timing attacks. You don't need to worry, popular Python web frameworks like Flask and Django are safe to use.

Note: For those wondering why I did not include discussion of a slow_equals to thwart the attack, I decided not to because this is a bandaid on the larger problem that the server shouldn't have even stored your password in the first place. Only hashes should be stored.

― mCoding with James Murphy (https://mcoding.io)

Source code: https://github.com/mCodingLLC/VideosS...

SUPPORT ME ⭐
---------------------------------------------------
Patreon:   / mcoding
Paypal: https://www.paypal.com/donate/?hosted...
Other donations: https://mcoding.io/donate

BE ACTIVE IN MY COMMUNITY 😄
---------------------------------------------------
Discord:   / discord
Github: https://github.com/mCodingLLC/
Reddit:   / mcoding
Facebook:   / james.mcoding

CHAPTERS
---------------------------------------------------
0:00 Intro
1:08 Background and setup
3:03 Cracking the length
5:19 Cracking the characters
7:22 Try it
8:08 Outro