1
00:00:00,300 --> 00:00:05,790
In this video, let's try to look into what StandardPasswordEncoder is. So in the previous video, we

2
00:00:05,790 --> 00:00:13,590
have seen NoOpPasswordEncoder, which clearly indicates there is no encryption or encoding or hashing

3
00:00:13,590 --> 00:00:17,580
mechanism inside it, and the passwords will be dealt with using plain text.

4
00:00:17,820 --> 00:00:21,620
So I would say StandardPasswordEncoder is the next, more advanced version.

5
00:00:22,080 --> 00:00:31,440
So you can see the encode method will internally call some encode helper method. To help with this, StandardPasswordEncoder

6
00:00:31,440 --> 00:00:38,530
will follow the SHA-256 algorithm, and it has two types of constructors.

7
00:00:38,580 --> 00:00:42,230
One is you just call it without any arguments.

8
00:00:42,240 --> 00:00:48,850
That means it will use this SHA-256 algorithm without any sort of secret.

9
00:00:49,110 --> 00:00:57,780
And the other one is you can also mention a secret associated with your password, which the SHA-256 algorithm

10
00:00:57,780 --> 00:01:05,940
can leverage when generating the hash value. The purpose of a secret or salt in a hashing mechanism or encryption

11
00:01:05,940 --> 00:01:14,130
mechanism is that it will add more complexity to the hashing mechanism, so that whatever attempts hackers

12
00:01:14,130 --> 00:01:21,780
make to decode your password will get delayed. Like, I can't restrict my user from having some simple

13
00:01:21,780 --> 00:01:23,450
password like one, two, three, four, five.

14
00:01:23,670 --> 00:01:31,410
But whoever is doing the brute force attack, hackers will try all possible most common

15
00:01:31,410 --> 00:01:38,640
passwords, and they can easily check whether my hash existing in the database is matching the one, two,

16
00:01:38,640 --> 00:01:43,830
three, four, five hash, and they can easily decode it and assume, OK, one, two, three, four, five is the

17
00:01:44,130 --> 00:01:45,450
password of this user.

18
00:01:45,450 --> 00:01:50,970
Because what the hackers have written, or whatever hash they already have for one, two, three, four, five,

19
00:01:51,090 --> 00:01:54,240
is matching the hash that is present in the database.

20
00:01:54,510 --> 00:02:03,360
Since we can't just force our users to have only such complex, hard-to-guess passwords, what we can do in such

21
00:02:03,360 --> 00:02:10,800
scenarios is we can add, in the backend, our own secret to this password provided by the user.

22
00:02:11,009 --> 00:02:15,020
So that's the purpose of the secret that we are seeing here.

23
00:02:15,420 --> 00:02:20,280
So in such scenarios, we will generate some random secret, or whatever we are passing to

24
00:02:20,280 --> 00:02:28,230
this constructor will be included in the hashing of the password that we share. And while decoding,

25
00:02:28,230 --> 00:02:35,400
since the salt value is stored inside the hash value of the password, while decoding

26
00:02:35,400 --> 00:02:40,980
this algorithm will also try to extract the salt associated with that hash.

27
00:02:40,980 --> 00:02:46,860
And the same salt will be applied to the new password that we are going to share through the UI, and once

28
00:02:46,860 --> 00:02:49,310
the hash is generated, it will try to compare them.

29
00:02:49,740 --> 00:02:51,900
So that's what you can see here in the matches method.

30
00:02:52,050 --> 00:02:59,330
First, it will try to decode the encoded password, and from the decoded value it will get the salt,

31
00:03:00,330 --> 00:03:02,360
which is already stored as part of it.

32
00:03:02,520 --> 00:03:08,940
It will try to compare the password we have, after digesting it with the salt, to the stored value.

33
00:03:09,240 --> 00:03:17,760
But here you can easily see that reversal is possible, since this is not a one-way hashing mechanism

34
00:03:17,760 --> 00:03:20,490
like the bcrypt or scrypt password encoders.

35
00:03:20,880 --> 00:03:25,770
So due to that reason, this used to be used in legacy applications.

36
00:03:25,920 --> 00:03:32,940
But this is not recommended these days, because now the processors of the servers that attackers are

37
00:03:32,940 --> 00:03:35,070
using are strong enough to detect

38
00:03:35,280 --> 00:03:40,350
what your password is for such weak algorithms like SHA-256.

39
00:03:40,740 --> 00:03:47,700
So due to this reason, StandardPasswordEncoder is also deprecated, and the Spring Security people are also clearly

40
00:03:47,700 --> 00:03:52,200
highlighting that this digest-based password encoding is not considered secure.

41
00:03:52,470 --> 00:03:59,610
Instead, use an adaptive one-way function like BCryptPasswordEncoder or SCryptPasswordEncoder, or any password encoder

42
00:03:59,610 --> 00:04:01,830
which is a one-way hashing function.

43
00:04:02,370 --> 00:04:07,920
So due to that reason, we should avoid using StandardPasswordEncoder also.

44
00:04:08,100 --> 00:04:14,210
But I'm just giving details about it because there are still legacy applications, developed

45
00:04:14,220 --> 00:04:16,079
in years before, that still use it.

46
00:04:16,320 --> 00:04:18,370
So we should be aware of this thing.

47
00:04:18,600 --> 00:04:23,830
So let's try to look into the other password encoders provided by Spring Security in the next video.

48
00:04:24,090 --> 00:04:24,600
Thank you.

49
00:04:24,600 --> 00:04:25,020
And bye.
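The behaviour described in the video, as an added example that is not part of the course or of Spring Security's own code: it encodes the same weak password twice with StandardPasswordEncoder (to show the random salt stored in the hash prefix and the role of the constructor secret), then encodes it with BCryptPasswordEncoder, the adaptive one-way function the deprecation note recommends, and finally wires both into a DelegatingPasswordEncoder so that a legacy application can keep verifying its old SHA-256 rows while writing bcrypt for new ones. The secret string, the sample password and the `{sha256}` prefix id are constructed placeholders; the class name `PasswordEncoderDemo` is this example's own. It assumes spring-security-crypto is on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

// Added example, not code from the course. StandardPasswordEncoder is deprecated,
// so the warning is suppressed only to demonstrate the legacy behaviour.
@SuppressWarnings("deprecation")
public class PasswordEncoderDemo {

    public static void main(String[] args) {
        // Constructed sample: the "one, two, three, four, five" password from the video.
        String rawPassword = "12345";

        // 1. Legacy: SHA-256 over (random salt + secret + password). The secret is a
        //    placeholder; in a real application it would come from configuration.
        PasswordEncoder legacy = new StandardPasswordEncoder("app-secret-placeholder");
        String h1 = legacy.encode(rawPassword);
        String h2 = legacy.encode(rawPassword);
        System.out.println("sha256 #1: " + h1);
        System.out.println("sha256 #2: " + h2);
        // The two hashes differ because a fresh random salt is generated each time
        // and stored at the front of the encoded value...
        System.out.println("hashes differ: " + !h1.equals(h2));
        // ...but matches() still succeeds, since it reads the salt back out of the
        // stored value and digests the candidate with it, exactly as the video describes.
        System.out.println("legacy matches: " + legacy.matches(rawPassword, h1));
        // The secret is NOT stored in the hash: an encoder with another secret cannot verify it.
        System.out.println("wrong secret matches: "
                + new StandardPasswordEncoder("some-other-secret").matches(rawPassword, h1));

        // 2. Recommended: bcrypt, an adaptive one-way function. Strength 12 means
        //    2^12 iterations, so every guess an attacker makes costs the same work.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder(12);
        long t0 = System.nanoTime();
        String b = bcrypt.encode(rawPassword);
        long ms = (System.nanoTime() - t0) / 1_000_000;
        System.out.println("bcrypt: " + b + " (" + ms + " ms)");
        System.out.println("bcrypt matches: " + bcrypt.matches(rawPassword, b));

        // 3. Migration for a legacy application: hashes carry an {id} prefix, new
        //    passwords are written with bcrypt, old rows prefixed {sha256} still verify,
        //    and upgradeEncoding() tells the app which rows to re-hash at next login.
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", bcrypt);
        encoders.put("sha256", legacy);
        DelegatingPasswordEncoder delegating = new DelegatingPasswordEncoder("bcrypt", encoders);

        String legacyRow = "{sha256}" + h1;            // an existing DB row after adding the prefix
        String newRow = delegating.encode(rawPassword); // starts with "{bcrypt}"
        System.out.println("new row: " + newRow);
        System.out.println("legacy row verifies: " + delegating.matches(rawPassword, legacyRow));
        System.out.println("legacy row needs upgrade: " + delegating.upgradeEncoding(legacyRow));
        System.out.println("new row needs upgrade: " + delegating.upgradeEncoding(newRow));
    }
}
```

Run it with spring-security-crypto on the classpath; the point to take from the output is that the salt alone does not slow an attacker down (the SHA-256 encode is near-instant), whereas the bcrypt encode takes a visible fraction of a second at strength 12, and that the delegating encoder lets an application retire StandardPasswordEncoder without forcing every user to reset their password.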