"Writing my own password manager using python & SQL"
*Climbs a tree for first 11 seconds*
Yes but it's the git tree
It’s a git branch
Force push
hahahahahaha
thats the first step to building this program
2020, the year when programmers started going out and even climbing trees
true even i started hiking and going out instead of working out in my home, again thats bcz there were no people outside bcz of lockdown
I like how there are so many stereotypes for programmers like this
Do you think all employees in FAANG are shut in no lives 😂
I can not code if I do not work out A LOT.
Kalle right now: climbs a tree for an intro.
Kalle in 5 years: swims to Mariana trench to say his last words
lol
Hehe Noah 😁
How to buy that tick
On your name
When you first announced you were gonna make daily videos for the next few days, I was just expecting vlogs and what you do in your day to day life. But we're getting actual high quality videos where we(and you!) learn something new everyday! These videos are both entertaining and educational. Keep doing what you're doing Kalle, and you're gonna get to a million subscribers soon! You definitely deserve it :)
He doesn't
I just finished watching the video and I can confidently say I've learnt nothing of value from this video. The only thing I took away is that it took him about 10 hours to build this. Be careful of watching youtube channels that make you think you're learning something but you're actually not, you can use your time in much more effective ways.
@@bobsmithy3103 i might not have learnt anything myself, that was not what he was trying to do. But it was both interesting and entertaining to see how he approaches the problem, i gotta appreciate him for that
@@bobsmithy3103 true and well I don't wanna be mean but... ok nvm
"and you gonna get to see how bad my handwriting actually is"
notepad: hmm okay.
sticky notes: okay.
people watching this: okay.
Kalle motivates me to work and strive for what I set out for. These videos are more than just inspiration to me, it's like fuel to keep me running. I must say Kalle is one of the best tech vloggers with a unique style of content.
Instead of hashing, you can use encryption algorithms with a secret key
The algorithms are basically the same as hashing algorithms but they are reversible with the secret key
You should include a function to generate safe passwords. It’s one of my most useful functions in current password managers 😇
I'm making a password manager and this sounds like a cool idea. Thanks!
@@datboi1861 are you still working on this project? hmu
if you hash your stored passwords then you can’t restore them to use on other website or program. so i guess it is better to do encryption to the passwords you store and only hash the masterpassword for the password manager
I haven't really understood how he gets the password back honestly
I think that he uses the stored hash as a password, you can't save a "custom" password. Like at 12:37 I think that "hellofacebook" is only used to create something that goes into the clipboard and you use as a password. At 13:28 you see that the password is made of random letters, numbers and symbols (the hash of something he wrote in a process like the one at 12:37).
@@iDano98 then it's useless
To hash the password
@@giuliopimenoff Yes, if it works like I understood I completely agree. He used the hash function only to generate some random sequence of characters.
"trying to get a lot things to work here on Windows, until i just decided like fuck it i'm gonna go with Linux" is the highlight of this video
I wrote a bash front end for my mysql backend. Seems to be simple enough.
I have a challenge for you: hack your password manager and then fix it to make it strong against other hacks.
You should use bcrypt hashing algorithm for master password and then save password encrypted with the master password.
For databases I suggest putting it as a docker image, especially when you're testing. It works on Windows/Linux/Mac without a lot of configuration!
I was just doing a course on cybersecurity that recommended the use of password managers and I was really considering creating one in C++. Thanks for this, it will help a lot :)
And why not use bitwarden for example?
Tip: Use docker to setup postgres or your whole dev environment next time. It'll be easier to get up and running and if you create a docker file then it'll be even easier to replicate the whole environment for your next projects.
You have to encrypt the passwords in the database 😬
Ima watch it, then edit my comment to respond.
@@nostalgia5031 i think you forgot to edit
@@micropanda7916 No no, he just likes to take his time.
@@generic_cog7 makes sense
@@Chigi42 damn he's really taking his time
Kalle: it's kind of cold inside
also Kalle: wears t-shirt 😂
He needs to keep his brain warm to function properly (while coding of course)😂
@@bader51500 Do you think it's going to overheat?
@@flausseur I think his brain is water cooled so overheating is not an issue 😂
@Rahmi Acar
Good thing I live in Saudi Arabia where the normal temps around 45+ C 😅
The coldest weather I've ever experienced was in the northern region when it reached around 6 C ( I almost died that day 😂)
This is awesome. You can use the getpass function to get user password instead of input.
Oooh, this was super cool to watch. Nice build! Much impress. Especially love how you notate out your requirements before getting to work. SDLC game strong. :)
It's just getting more interesting to watch your video
I was trying to make a password for a few days now!
Since I'm a newbie to Python, I tried to avoid SQL and thought about storing encrypted passwords in a TEXT file
I did that, but it didn't seem so good, so I completely started from scratch again and this time I added a hashing algorithm, SQL database (also encrypted, see: SQLCipher), search engine and maybe even a GUI
This video helped a lot Kalle!
Can u share the project?
im currently designing my own encryption algorithm. i know people say dont do it cause it wont be secure but i wanna learn new things. so i could add that to this kind of idea
That hair is beautiful 😍😍😍
Focus on studies
@@blablabla12321 🤫
Let him/her enjoy!
What a stunt was that intro😀😀
Simp alert
Should have used docker, it makes your life as a dev way easier:
docker run --name postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres
Yep, docker is a modern and convenient way to manage these kinds of services... Maybe he did not know about that
The hash here is useless, do encryption using the masterpassword instead.
Why is it useless?
@@__se7entin__ It is not possible to get the original message digest once it is hashed. It is irreversible!
@@vaidhyanathansm7625 aha. Yeah that's right
@@__se7entin__ also, because of the way passwords are cracked.
If an attacker has the hash and knows which function was used it can be cracked easily, by brute force hashing passwords until the hash is found.
@@kornbread5359 i mean, yeah they can brute force to find the raw text but how is encryption safer than hashing here?
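Added example, not part of the comments or of the video's code: the split this thread describes, with the master password hashed for checking only and the stored passwords encrypted under a key derived from it so they can be read back. It assumes the third-party `cryptography` package; scrypt stands in for bcrypt (which the standard library lacks), and the vault layout, function names and cost parameters are illustrative.

```python
import hashlib
import hmac
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def derive(master_password: str, salt: bytes) -> bytes:
    """Slow, salted, one-way derivation (scrypt used here in place of bcrypt)."""
    return hashlib.scrypt(master_password.encode(), salt=salt, **SCRYPT)


def create_vault(master_password: str) -> dict:
    """What lands in the database: two salts and a verifier, no password, no key."""
    verify_salt, key_salt = os.urandom(16), os.urandom(16)
    return {
        "verify_salt": verify_salt,
        "verifier": derive(master_password, verify_salt),  # HASH: check only
        "key_salt": key_salt,  # a different salt, so verifier != encryption key
        "entries": {},
    }


def unlock(vault: dict, master_password: str) -> Optional[bytes]:
    """Return the AES key if the master password is right, else None."""
    candidate = derive(master_password, vault["verify_salt"])
    if not hmac.compare_digest(candidate, vault["verifier"]):
        return None
    return derive(master_password, vault["key_salt"])


def store(vault: dict, key: bytes, site: str, password: str) -> None:
    """ENCRYPT: reversible with the key. The site name is bound in as AAD."""
    nonce = os.urandom(12)  # must never repeat under the same key
    sealed = AESGCM(key).encrypt(nonce, password.encode(), site.encode())
    vault["entries"][site] = nonce + sealed


def retrieve(vault: dict, key: bytes, site: str) -> Optional[str]:
    """Decrypt one entry; None if the key is wrong or the row was altered."""
    blob = vault["entries"][site]
    try:
        return AESGCM(key).decrypt(blob[:12], blob[12:], site.encode()).decode()
    except InvalidTag:
        return None


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    vault = create_vault("correct horse battery staple")
    key = unlock(vault, "correct horse battery staple")
    store(vault, key, "facebook", "hellofacebook")
    print(retrieve(vault, key, "facebook"))
    print(unlock(vault, "wrong guess"))
```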
A great person, whom I ever met on TH-cam
I LITERALLY thought yesterday of writing my own Password Manager and couldn't find anything on the Web, and then BOOM this!
Why not use docker for running services like dbs, caches, message brokers etc... there really isnt a point of installing a dev environment that is not replicable on different computers/OSes anymore
Kalle is on fire with daily uploads 🔥
"it is also kinda cold insides"
*wears a t-shirt*
Funny. Next clip has no hat and a hoodie. Go figure
STOP UPLOADING SO FAST I CANT KEEP UP!
Ikr
u mad bruh? why would u do that! lazy youtubers don't upload for weeks and weeks once they start uploading would u stop this huh! i'm asking u again are u mad bruh?
@@mr.radium1202 it was a joke "BRUH? "
@@mr.radium1202 wow someones salty. its a joke chill i love kalle (and his hair)
@@vernox4510 YES BRUH!
If you hash the passwords and store them you won't be able to restore them later on. Hashes are one way functions. You'll probably want to use the master password to encrypt the passwords (AES or something), so someone can't just dump the plaintext passwords. Also you (might) want to sanitize SQL user input depending on who will be using this. Interesting idea though! P.S. Docker would make your life easier :)
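Added example, not part of the comment above or of the video's code: for the SQL point, the usual fix is to pass user input as a query parameter rather than to clean it up by hand. The `vault` table, its columns and the sample rows are assumptions made up for this sketch, and it uses the standard-library `sqlite3` module rather than Postgres.

```python
import sqlite3


def open_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows (the schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vault (site TEXT, username TEXT, sealed BLOB)")
    conn.executemany(
        "INSERT INTO vault VALUES (?, ?, ?)",
        [
            ("facebook", "kalle", b"\x01\x02"),
            ("github", "kalle", b"\x03\x04"),
            ("o'reilly", "kalle", b"\x05\x06"),
        ],
    )
    return conn


def find_by_formatting(conn: sqlite3.Connection, site: str) -> list:
    """Before: the input is pasted into the SQL text and parsed as SQL."""
    query = f"SELECT site, username FROM vault WHERE site = '{site}'"
    return conn.execute(query).fetchall()


def find_by_parameter(conn: sqlite3.Connection, site: str) -> list:
    """After: the value travels separately from the SQL and is only ever data."""
    return conn.execute(
        "SELECT site, username FROM vault WHERE site = ?", (site,)
    ).fetchall()


if __name__ == "__main__":
    db = open_demo_db()
    crafted = "nosuchsite' OR '1'='1"  # constructed input containing a quote
    print(find_by_formatting(db, crafted))  # every row comes back
    print(find_by_parameter(db, crafted))   # no site has that name
    print(find_by_parameter(db, "o'reilly"))  # an honest apostrophe just works
```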
Kalle I love these daily videos! 😍 Personally, I would really enjoy seeing some vlog type videos, you're a very intriguing person 😂
i really like your videos, i really watched every video that came out lately, they just keep getting better, keep it up !!
I also started coding recently, you have inspired me, thank you
You literally look like a Disney prince. Great content BTW
I love when he just randomly climbs a tree
This is ok for a prototype. But for a real production build I would actually require a master password to decode every pass in the DB. I would also use SQLAlchemy, host the db somewhere online (AWS or Azure) and add some tests to avoid regression. This is nice tho.
Have you applied this idea yourself? How did it go?
im getting started with cybersecurity, could you elaborate?
Keep up the quantity of uploads please. I love it :)
Hello! I worked for a password manager company! LOL this is an interesting video
Hello kalle,
I watched your project password manager and it's really amazing. Can you tell more about how to make secret.py? Because a lot of beginners are there, including me.
Always motivated to program after watching your videos.
Keep it man👍
Thou shalt not stop being educative.
It's amazing dude!!! Keep it up!+
Aaaah Nice! That’s the type of video that made me subscribe to your channel, not the shallow-vlogger-lets-arrange-my-screen type of videos!! Keep on coding!!!
Like the intro buddy
Postgres seems a bit much. Maybe try sqlite? It has an stdlib.
I used Json
I can recommend MAMP (there is a free version) to get an SQL database up and running super quick with a couple of clicks... It creates a MySQL and not a Postgres DB but whatever... same thing for this purpose...:)
Thanks for the video, I took your solution, slightly modified and it works great.
Don't miss any of Tyrell's videos !
Will you upload the code on github? Right now the repo is empty
Hii plz every week make a project video using python. Love from India
kali linux is good for java?
Amazing kalle❤️❤️❤️❤️🙏🏻🙏🏻
M looking forward.
I'll make a gui version of that and link it here.
Wouldn't it be great??😀😀✌️
Pls do a SQL tutorial
Very cool... Which model is your keyboard? Tks
You make me start learning Python, I was a big fan of Javascript.
Thanks Kalle for your videos.
May I ask you from which source do you get background sounds?
Thank you.
Your intros are awesome Kalle, I love your intro
Didn't know Kali's terminal looked this pretty
I would love to see an elapsed time counter in one corner that would show us 'mere mortals' how long you worked on something.
Wow ur really getting into Python, why don’t you use a framework like flask or something?
He uses it for some things
There's no point the app he created just needs a command line there is no web app requirement
@@saajanbhatia8472 yh but that’s the point, I would like to see some usable things from Kalle, like a proper web app with a framework and user accessible button elements instead of just doing it through the command line
@@mrtek8095 but then that already exists so you're not solving anything. Just use Google
@@saajanbhatia8472 yh but its fun to do in a video
Hi Kalle, thanks for the video!
Please let me know how to use Flutter in VS code.
Not that long ago we used to call such reinventions like "How NOT to ... my own.. " and it was damn appropriate.
Nowadays 'info' lacks even more characteristics as in term "information" (completeness, trustworthiness, etc.).
Great video man!! I’ve wanted to build one myself and this gave a me a boost 👍
Love how it's not just me with the climbing on trees thingie xD
Can we use pandas (Python library) to do all and store passwords & manage them in a csv file? By doing so, there will be no issues related to database in cross platform. Also it is optimized to deal with large data, it has beautiful data frames to display data on console.
How do you make the intro look so good- the tree scene and the java/python... green shade thing? And maybe make tutorials on everything you do? Thanks love the vids as well
hey Kalle. Please which version python did you use ?
Wow, I've also created a password manager with Python and SQL. What a coincidence.
By Copying 😂😂
@@thekoder_prayas 😂😂😂
Its safer to write your own password manager, and the best part its free!
You wear a hat indoors to protect our eyes from its magnificent golden glory? How could you!
Your video motivated me to make one myself, and I DID IT! This is my first project ever in python completely on my own.
ps. You could use sqlite it is good with python
can you build your own encrypted messenger software?
I think u should start making tutorials for beginners to and teach more people this wizardry 🔥🔥
Glad to find your channel
"F* it, im gonna go with linux!" Best statement :D
When did you last program in Java
I tried making a password manager a few months ago and I made a program similar to this but then I got to the security part...Then I got into encryption hell.... If the passwords are encrypted using a key, if someone gets access to the key, they get access to all the passwords. Now do I have to encrypt the key to the encrypted passwords as well or something?! And then I just gave up.
all password managers work like that, if you got the master password you get access to every password ... look at keepass, lastpass, bitwarden. thats the main purpose, you encrypt many password with one long password.
so if you dont use a password manager and an attacker gets access to one site by some sort of security lack -> lets say your local soccer club gets hacked and they didnt salt+hash your passwords in the db, they have your password in plain text and could login in other accounts too... thats why you use different passwords + cryptic password and because no one will remember all their passwords people use password managers
I get an error:
from secret import get_secret_key
ImportError: cannot import name 'get_secret_key' from 'secret'
Does secret module even exist?
same problem, found a solution?
Hey Kalle, recently I started making programs in python and some other languages but I wanted to make my own password manager and test it with Kalis password attacking tools and see if it could crack through my program. I was hoping whether you could make a step by step tutorial on how to make a password manager so I could get some idea of how I could make my own. Thanks
You should at the bare minimum encrypt the password. You could use an AES with padding for the login, which unlocks a 2048-bit RSA (good start, anything beyond 2048 is significantly going to affect performance without providing a significant increase in terms of security). Simple implementation and out of the box adds two layers of security: you can't get to the password without a private key and you can't get the private key without the key for the AES cipher. Speaking of the AES, you could pack plenty of additional info and salt and hash the rest of the sensitive data.
Hey Kalle, I also made a password manager two months ago and tried with tkinter but it doesn't look good, it's better if you can make the script as a server and run it with a GUI made with electron. That will be easier to scale
So did you end up encrypting the passwords then decrypting them upon retrieving them instead of hashing?
What an intro 👏👏👏👏👏👏
You know that there is something called notebook/pocketbook where you keep your passwords and all accounts, right?
It’s about learning.
I have a simple password manager just in SQLite. Integrating some python is a good idea, thanks.
You should try setting up Postgres through docker. That will be more efficient when you are using your own system.
Hi Kalle!
What are the color scheme of your terminal and Vim, and the font-family?
Can I also know all the resources used to build this app?
You talked about leaving a link to the repo in the description but on your GitHub there's nothing but a readme file, are you still going to commit your progress?
You are amazing bud ❤️
Sqlite would've been a better choice for your case
hey Kalle
will you add the code on GitHub ?
thx
Did I miss something or are the passwords stored in plain text?
Anyway you could link your resources used I’m pretty new and just wanting to read everything over?
Hash means one way! You mean to encrypt and that is relatively simple with OpenSSL lib to implement RSA encryption.
And you never show a password when entering it! Shoulder surfers would be able to get to all your passwords.
And you are better off using SQLite or BerkeleyDB so that you don’t need a whole server! And SQLite can do encryption on the database file as well! Double secure when you also encrypted your passwords.
Can I just ask why you're using Kali?
Which linux distro it is that you are using ?
you *Hash* if you need to check if a password is correct but don't want to store the password anywhere because it's not safe. You *Encrypt* when you want to store passwords so that you can access them later with a key. For anyone who wants to learn more, computerphile has some videos on hashing and encryption.
Where does this man live?
Sweden
Also that’s freaky
@@mrtek8095 Ikr
@@mrtek8095 K, thnks
@@mrtek8095 K, thanks