Brute Force Attack

A brute force attack is a trial and error method used by application programs to decode encrypted data (passwords or Data Encryption Standard (DES) keys) through exhaustive effort (using brute force) rather than employing intellectual strategies.

A brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Asked by Laxmi Sharma, Digital Marketer & Blogger
 
Dr. Klahn, Principal Software Engineer, commented:
In the past, yes - this was a possible attack.  Some systems would allow unlimited tries at the best possible speed.

Brute force cracking is not workable against modern systems.  The number of login attempts is generally limited when bad passwords are repeatedly tried, the number and frequency of attempts are often throttled, and after some point that account is locked.
0
 
Alan, Consultant, commented:
Hi Oliver,

Yes - that is essentially correct.

The main thing I would suggest you review is that you say that a brute force attack is 'infallible, although time-consuming'.

Strictly speaking that is correct, but it does depend on what you really mean by 'infallible'.

If it would be reasonably expected to take, say, a thousand years is that 'infallible'?  What about a million years, or a billion years, or a trillion years?

From any practical perspective, some expected duration makes the cracking infeasible, and therefore, from a practical perspective, the brute force attack 'fails'.


In addition, if a symmetric cypher is applied, and the key is a truly random string (say, simply XORed with the plain text to produce the cypher text), then it is unbreakable under any circumstances, unless you know the key.  There is no amount of time for which a brute-force attack will succeed, so it is not truly infallible.

In fact, if you decrypt for long enough, you will generate all possible strings of characters, including all possible texts of a given length.  That means that whilst you will get the plain text at some point, you will have absolutely no means of knowing when you get it.


Alan.
1
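
The point in Alan's answer about a truly random XOR key can be checked directly. The following is an added example, not part of the original thread: it exhaustively tries every key against a one-time-pad ciphertext and shows that every possible plaintext of that length comes out exactly once. The 2-byte message, the rival plaintext and all function names are assumptions chosen so the full key space stays small.

```python
import itertools
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def key_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the same length, which is why
    no output of an exhaustive search can be singled out as the real message.
    """
    return xor_bytes(ciphertext, candidate)


def exhaustive_decrypt(ciphertext: bytes) -> set:
    """Decrypt with every possible key and collect the distinct outputs."""
    n = len(ciphertext)
    return {
        xor_bytes(ciphertext, bytes(k))
        for k in itertools.product(range(256), repeat=n)
    }


def demo() -> dict:
    plaintext = b"NO"                              # constructed sample message
    key = secrets.token_bytes(len(plaintext))      # truly random, used once
    ciphertext = xor_bytes(plaintext, key)
    outputs = exhaustive_decrypt(ciphertext)
    rival = b"GO"                                  # constructed, equally plausible
    rival_key = key_that_yields(ciphertext, rival)
    return {
        "keys_tried": 256 ** len(ciphertext),
        "distinct_outputs": len(outputs),
        "real_plaintext_found": plaintext in outputs,
        "rival_also_found": rival in outputs,
        "rival_key_works": xor_bytes(ciphertext, rival_key) == rival,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The number of distinct outputs equals the number of keys tried, so the search returns the whole message space and gives no way to rank "NO" above "GO".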
 
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Reading your question, you make two statements.

Maybe place a comment adding some question, just to make sure commenters are addressing your real question/concern.
0
Question has a verified solution.
