When you first announced you were gonna make daily videos for the next few days, I was just expecting vlogs and what you do in your day to day life. But we're getting actual high quality videos where we (and you!) learn something new every day! These videos are both entertaining and educational. Keep doing what you're doing Kalle, and you're gonna get to a million subscribers soon! You definitely deserve it :)
I just finished watching the video and I can confidently say I've learnt nothing of value from this video. The only thing I took away is that it took him about 10 hours to build this. Be careful of watching YouTube channels that make you think you're learning something but you're actually not, you can use your time in much more effective ways.
@bobsmithy3103 I might not have learnt anything myself, that was not what he was trying to do. But it was both interesting and entertaining to see how he approaches the problem, I gotta appreciate him for that
Kalle motivates me to work and strive for what I set out for. These videos are more than just inspiration to me, it's like fuel to keep me running. I must say Kalle is one of the best tech vloggers with a unique style of content.
Instead of hashing, you can use encryption algorithms with a secret key. The algorithms are basically the same as hashing algorithms but they are reversible with the secret key
If you hash your stored passwords then you can’t restore them to use on other website or program. So I guess it is better to do encryption to the passwords you store and only hash the master password for the password manager
I think that he uses the stored hash as a password, you can't save a "custom" password. Like at 12:37 I think that "hellofacebook" is only used to create something that goes into the clipboard and you use as a password. At 13:28 you see that the password is made of random letters, numbers and symbols (the hash of something he wrote in a process like the one at 12:37).
I was just doing a course on cybersecurity that recommended the use of password managers and I was really considering creating one in C++. Thanks for this, it will help a lot :)
Tip: Use docker to setup postgres or your whole dev environment next time. It'll be easier to get up and running and if you create a docker file then it'll be even easier to replicate the whole environment for your next projects.
I was trying to make a password for a few days now! Since I'm a newbie to Python, I tried to avoid SQL and thought about storing encrypted passwords in a TEXT file. I did that, but it didn't seem so good, so I completely started from scratch again and this time I added a Hashing algorithm, SQL Database (also encrypted, see: SQLCipher), Search Engine and maybe even a GUI. This video helped a lot Kalle!
Oooh, this was super cool to watch. Nice build! Much impress. Especially love how you notate out your requirements before getting to work. SDLC game strong. :)
Why not use docker for running services like dbs, caches, message brokers etc... there really isn't a point of installing a dev environment that is not replicable on different computers/OSes anymore
@Rahmi Acar Good thing I live in Saudi Arabia where the normal temps around 45+ C 😅 The coldest weather I've ever experienced was in the northern region when it reached around 6 C ( I almost died that day 😂)
@__se7entin__ also, because of the way passwords are cracked. If attacker has the hash and knows which function was used it can be cracked easily, by brute force hashing passwords until the hash is found.
I'm currently designing my own encryption algorithm. I know people say don't do it cause it won't be secure but I wanna learn new things. So I could add that to this kind of idea
This is ok for a prototype. But for a real production build I would actually require a master password to decode every pass in the DB. I would also use SQLAlchemy, host the db somewhere online (AWS or Azure) and add some tests to avoid regression. This is nice tho.
I really like your videos, I really watched every video that came out lately, they just keep getting better, keep it up!! I also started coding recently, you have inspired me, thank you
If you hash the passwords and store them you won't be able to restore them later on. Hashes are one way functions. You'll probably want to use the master password to encrypt the passwords (AES or something), so someone can't just dump the plaintext passwords. Also you (might) want to sanitize SQL user input depending on who will be using this. Interesting idea though! P.S. Docker would make your life easier :)
Not that long ago we used to call such reinventions like "How NOT to ... my own.. " and it was damn appropriate. Nowadays 'info' lacks even more characteristics as in term "information" (completeness, trustworthiness, etc.).
I can recommend MAMP (there is a free version) to get an SQL database up and running super quick with a couple of clicks... It creates a MySQL and not a Postgres DB but whatever... same thing for this purpose... :)
Aaaah Nice! That’s the type of video that made me subscribe to your channel, not the shallow-vlogger-lets-arrange-my-screen type of videos!! Keep on coding!!!
Hello Kalle, I watched your project password manager and it's really amazing. Can you tell more about how to make secret.py. Because lot of beginners are there including me.
You should at the bare minimum encrypt the password. You could use an AES with padding for the login, which unlocks a 2048 bit RSA (good start, anything beyond 2048 is significantly going to affect performance without providing a significant increase in terms of security). Simple implementation and out of the box adds two layers of security: you can't get to the password without a private key and you can't get the private key without the key for the AES cipher. Speaking of the AES, you could pack plenty of additional info and salt and hash the rest of the sensitive data.
Hash means one way! You mean to encrypt and that is relatively simple with OpenSSL lib to implement RSA encryption. And you never show a password when entering it! Shoulder surfers would be able to get to all your passwords. And you are better off using SQLite or BerkeleyDB so that you don’t need a whole server! And SQLite can do encryption on the database file as well! Double secure when you also encrypted your passwords.
u mad bruh? why would u do that! lazy youtubers don't upload for weeks and weeks once they start uploading would u stop this huh! i'm asking u again are u mad bruh?
How do you make the intro look so good, the tree scene and the java/python... green shade thing? And maybe make tutorials on everything you do? Thanks, love the vids as well
You *Hash* if you need to check if a password is correct but don't want to store the password anywhere because it's not safe. You *Encrypt* when you want to store passwords so that you can access them later with a key. For anyone who wants to learn more, Computerphile has some videos on hashing and encryption.
Can we use pandas (python library) to do all and store passwords & manage them in a csv file. By doing so, there will be no issues related to database in cross platform. Also it is optimized to deal with large data, it has beautiful data frames to display data on console.
Your video motivated me to make one myself, and I DID IT! This is my first project ever in python completely on my own. P.S. You could use sqlite, it is good with python
Why PostgreSQL though? That's a big dependency that's pretty much completely unnecessary. There's nothing it offers that sqlite doesn't that a simple password manager can take advantage of, but it prevents it from being as portable as it could be.
@saajanbhatia8472 yh but that’s the point, I would like to see some usable things from Kalle, like a proper web app with a framework and user accessible button elements instead of just doing it through the command line
Hey Kalle, I also made a password manager two months ago and tried with tkinter but it doesn't look good, it's better if you can make the script as a server and run it with a GUI made with electron. That will be easier to scale
Hey Kalle, recently I started making programs in python and some other languages but I wanted to make my own password manager and test it with Kali's password attacking tools and see if it could crack through my program. I was hoping whether you could make a step by step tutorial on how to make a password manager so I could get some idea of how I could make my own. Thanks
I tried making a password manager a few months ago and I made a program similar to this but then I got to the security part...Then I got into encryption hell.... If the passwords are encrypted using a key, if someone gets access to the key, they get access to all the passwords. Now do I have to encrypt the key to the encrypted passwords as well or something?! And then I just gave up.
All password managers work like that, if you got the master password you get access to every password ... look at keepass, lastpass, bitwarden. That's the main purpose, you encrypt many passwords with one long password.
So if you don't use a password manager and an attacker gets access to one site by some sort of security lack -> let's say your local soccer club gets hacked and they didn't salt+hash your passwords in the db, they have your password in plain text and could login in other accounts too... that's why you use different passwords + cryptic password and because no one will remember all their passwords people use password managers
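An added example, not from the video or from any commenter, of the design several comments above describe: the master password is hashed only to check it, and the encryption key is derived from it on unlock instead of being stored. It uses only Python's standard library; the iteration count, labels and record layout are assumptions, and the returned key is what would be handed to an authenticated cipher such as AES-GCM from a vetted library.

```python
import hashlib
import hmac
import os

# Assumed PBKDF2-HMAC-SHA256 work factor; tune it for your own hardware.
ITERATIONS = 600_000


def _root_key(master_password: str, salt: bytes) -> bytes:
    # Slow, salted derivation: this is what makes guessing the master password costly.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


def _subkey(root: bytes, label: bytes) -> bytes:
    # Domain separation: the stored verifier and the vault key are unrelated values.
    return hmac.new(root, label, hashlib.sha256).digest()


def enroll(master_password: str) -> dict:
    """Build the record kept on disk: random salt plus verifier. No key is stored."""
    salt = os.urandom(16)
    root = _root_key(master_password, salt)
    return {"salt": salt, "verifier": _subkey(root, b"verify")}


def unlock(master_password: str, record: dict):
    """Return the 32-byte vault key if the master password matches, else None."""
    root = _root_key(master_password, record["salt"])
    candidate = _subkey(root, b"verify")
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["verifier"]):
        return None
    return _subkey(root, b"vault-encryption")


if __name__ == "__main__":
    # Constructed sample input, not a real credential.
    record = enroll("correct horse battery staple")
    print("stored on disk:", {k: v.hex() for k, v in record.items()})
    print("wrong password ->", unlock("hunter2", record))
    key = unlock("correct horse battery staple", record)
    print("right password -> vault key of", len(key), "bytes (never written to disk)")
```
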
When you retrieve the password, it is hashed. We can't use that on the sites. Hashing is great for saving them but for being able to get your password back, I think you'd need to use cryptography.
Hey Kalle, I've been an iPad user for a few years now and I have to tell you that the best investment you can do is Notability. It's the best note taking app ever, you should try it!!!