Brute Force Attack

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

A brute force attack may also be referred to as brute force cracking.
It is a password and cryptography attack that does not attempt to decrypt any information, but instead keeps trying a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination in an effort to find the correct password that will unlock the encryption.

Due to the number of possible combinations of letters, numbers, and symbols, a brute force attack can take a long time to complete. The stronger the encryption used (64-bit, 128-bit or 256-bit encryption), the longer it can take. Although a brute-force attack may be able to gain access to an account eventually, these attacks can take several hours, days, months, and even years to run. The amount of time it takes to complete these attacks depends on the complexity of the password, the strength of the encryption, how well the attacker knows the target, and the strength of the computer(s) being used to conduct the attack.

History

Brute Force was a game originally developed and released for the PC in 2000 and later released for the Xbox gaming console in 2003 by Microsoft Game Studios. Brute Force was a third-person shooter and consisted of multiple characters, each with their own strengths and capabilities. The game was set in the year 2340, and the object was to find other characters who were loyal to the Confederation. These other characters became part of the Brute Force team, which fought against aliens, outcasts, and mercenaries. From day one, the game was very popular, breaking several Xbox sales records, as well as beating out sales of the game Halo.

For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers.



An attack of this nature can be time- and resource-consuming, hence the name "brute force attack": success is usually based on computing power and the number of combinations tried rather than on an ingenious algorithm.
 

Preventions

The following measures can be used to defend against brute force attacks:
  • Requiring users to have complex passwords
  • Limiting the number of times a user can attempt to log in
  • Temporarily locking out users who exceed the specified maximum number of login attempts
To help prevent dictionary brute-force attacks, many systems only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds this number of attempts, the system will either lock them out or prevent any further attempts for a set amount of time.
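The attempt limit and temporary lockout described above, as an added Python example that is not part of the original page. The class name `LoginThrottle`, the three-failure limit, the 300-second counting window, the 900-second lockout and the sample account are all assumptions chosen for illustration.

```python
import hmac
import time


class LoginThrottle:
    """Per-account failure counter with a temporary lockout."""

    def __init__(self, verify, max_failures=3, window=300, lockout=900,
                 clock=time.monotonic):
        self.verify = verify              # callable(user, password) -> bool
        self.max_failures = max_failures  # mistakes allowed inside `window`
        self.window = window              # seconds a failure stays counted
        self.lockout = lockout            # seconds the account stays locked
        self.clock = clock
        self._failures = {}               # user -> recent failure timestamps
        self._locked_until = {}           # user -> time the lockout ends

    def attempt(self, user, password):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        now = self.clock()
        until = self._locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"           # the guess is never evaluated
            del self._locked_until[user]  # lockout expired: start fresh
            self._failures.pop(user, None)
        if self.verify(user, password):
            self._failures.pop(user, None)
            return "ok"
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
        return "denied"


def demo():
    """Replay a constructed guess list against one account on a fake clock."""
    now = [0.0]
    stored = {"alice": "correct horse"}   # constructed; real systems keep salted hashes
    check = lambda u, p: hmac.compare_digest(stored.get(u, ""), p)
    throttle = LoginThrottle(check, clock=lambda: now[0])
    results = []
    for guess in ["123456", "password", "qwerty", "correct horse"]:
        results.append(throttle.attempt("alice", guess))
        now[0] += 1                       # one guess per second
    now[0] += 900                         # wait out the lockout
    results.append(throttle.attempt("alice", "correct horse"))
    return results
```

In `demo()` the fourth guess is the right password but is refused because the account is already locked; it only succeeds once the lockout has expired. Per-account lockout also lets anyone lock a known user out, so many deployments additionally throttle per source address.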