Brute Force Attack

A brute force attack is a trial and error method used by application programs to decode encrypted data (passwords or Data Encryption Standard (DES) keys) through exhaustive effort (using brute force) rather than employing intellectual strategies.

A brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Laxmi Sharma, Digital Marketer & Blogger, asked:

Alan, Consultant, commented:
Hi Oliver,

Yes - that is essentially correct.

The main thing I would suggest you review is that you say that a brute force attack is 'infallible, although time-consuming'.

Strictly speaking that is correct, but it does depend on what you really mean by 'infallible'.

If it would be reasonably expected to take, say, a thousand years, is that 'infallible'? What about a million years, or a billion years, or a trillion years?

From any practical perspective, some expected duration makes the cracking infeasible, and therefore, from a practical perspective, the brute force attack 'fails'.


In addition, if a symmetric cypher is applied, and the key is a truly random string (say, simply XORed with the plain text to produce the cypher text), then it is unbreakable under any circumstances, unless you know the key. There is no amount of time for which a brute-force attack will succeed, so it is not truly infallible.

In fact, if you decrypt for long enough, you will generate all possible strings of characters, including all possible texts of a given length.  That means that whilst you will get the plain text at some point, you will have absolutely no means of knowing when you get it.


Alan.
1
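Both points in the answer above can be checked numerically: how the expected search time grows with key size, and why exhaustive search against a random XOR pad cannot tell the real plaintext from any other text of the same length. This Python sketch is an added example, not part of the original thread; the guess rate of 10^12 keys per second and the sample messages are assumptions constructed for illustration.

```python
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_years(key_bits: int, guesses_per_second: float) -> float:
    """Average exhaustive-search time: half the keyspace at the given rate."""
    return (2 ** key_bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the pad operation in the answer)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """With an XOR pad, some key maps the ciphertext to ANY same-length text."""
    return xor_bytes(ciphertext, candidate)


def pad_ambiguity_demo():
    """Encrypt one constructed message, then 'decrypt' it to three texts."""
    real = b"WIRE 500 TODAY"                         # constructed sample
    others = [b"WIRE 900 TODAY", b"CANCEL PAYMENT"]  # constructed samples
    pad = secrets.token_bytes(len(real))             # truly random, used once
    ciphertext = xor_bytes(real, pad)
    decrypted = {}
    for text in [real] + others:
        key = key_that_yields(ciphertext, text)
        decrypted[text] = xor_bytes(ciphertext, key)
    return ciphertext, decrypted


if __name__ == "__main__":
    rate = 1e12  # assumed guesses per second
    for bits in (56, 128, 256):  # 56 bits is the DES key size
        print(f"{bits}-bit key: about {expected_years(bits, rate):.3g} years")
    ct, decrypted = pad_ambiguity_demo()
    print("ciphertext:", ct.hex())
    for text, result in decrypted.items():
        # Every candidate is a valid decryption under some key, so trying
        # all keys gives no signal about which one is the real message.
        print(result.decode(), "<- valid decryption:", result == text)
```
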
Dr. Klahn, Principal Software Engineer, commented:
In the past, yes - this was a possible attack.  Some systems would allow unlimited tries at the best possible speed.

Brute force cracking is not workable against modern systems.  The number of login attempts is generally limited when bad passwords are repeatedly tried, the number and frequency of attempts is often throttled, and after some point that account is locked.
0

David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Reading your question, you make two statements.

Maybe place a comment adding some question, just to make sure commenters are addressing your real question/concern.
0