What Exactly Is A Brute Force Attack?

by Lee on June 19, 2009

in Internet Security

In the last post I described how a hacker could use a dictionary attack to try to gain access to a password-protected system or file.

If such an attack fails, usually because the administrator has chosen a more effective password, the alternative is a brute force attack.

what is a brute force attack?

A brute force attack is far more labour intensive than a dictionary attack because it involves trying every conceivable combination of letters, numbers and characters in order to determine what a password is.

There are a few factors which will determine the effectiveness of a brute force attack.

These factors are:

  • The length of the password, longer obviously being harder to break
  • The time available to try each different possibility
  • The number of different values that each character within the password may have
  • Whether there is a security measure in place to block an attacker after x number of failed attempts at getting the password

DEFENDING AGAINST A BRUTE FORCE ATTACK

The best defence against a brute force attempt on your password is, perhaps, to make that password as long as possible.

Additionally, mixing numbers and letters, as well as symbols, will make it far harder to guess the password.

For example, with a PIN number there are only 10 possible inputs (the numbers 0 – 9) for each of the four inputs required.

10 x 10 x 10 x 10 means that there are 10,000 possible combinations for any given PIN number.

However, a six character password, using letters and numbers only, has far more possible combinations:

10 numbers plus 26 letters equals 36 different values,

36 x 36 x 36 x 36 x 36 x 36 means 2,176,782,336 different combinations.

Obviously making the password longer than six characters and adding symbols will yield even more than those 2 billion combinations.
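The arithmetic above, extended to all four factors listed earlier, as an added example that is not from the original post. It is a policy-sizing calculator for defenders; the guess rates and lockout settings are constructed assumptions, not measurements.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    alphabet_size: int           # values each character may take (10 for a PIN, 36 for a-z0-9)
    length: int                  # number of characters in the password
    guesses_per_second: float    # assumed attempt rate (time available per attempt)
    lockout_attempts: int = 0    # failed attempts allowed before a lockout (0 = no lockout)
    lockout_seconds: float = 0.0 # how long each lockout lasts

def keyspace(alphabet_size: int, length: int) -> int:
    """Total number of candidate passwords: alphabet_size ** length."""
    return alphabet_size ** length

def effective_rate(p: Policy) -> float:
    """Sustained guesses per second once lockout pauses are included."""
    if p.lockout_attempts <= 0:
        return p.guesses_per_second
    # One cycle = a burst of allowed attempts followed by the lockout wait.
    cycle = p.lockout_attempts / p.guesses_per_second + p.lockout_seconds
    return p.lockout_attempts / cycle

def seconds_to_exhaust(p: Policy) -> float:
    """Worst-case time to try every combination under this policy."""
    return keyspace(p.alphabet_size, p.length) / effective_rate(p)

def min_length(alphabet_size: int, guesses_per_second: float, target_seconds: float) -> int:
    """Shortest length whose full keyspace takes at least target_seconds to try."""
    length = 1
    while keyspace(alphabet_size, length) / guesses_per_second < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    TEN_YEARS = 10 * 365 * 86400
    # Constructed scenarios: the rates and lockout values are assumptions.
    pin_open = Policy(10, 4, guesses_per_second=10)
    pin_locked = Policy(10, 4, guesses_per_second=10,
                        lockout_attempts=3, lockout_seconds=900)
    six_alnum = Policy(36, 6, guesses_per_second=1e9)  # assumed offline rate
    for name, p in [("4-digit PIN, no lockout", pin_open),
                    ("4-digit PIN, 3 tries then 15 min", pin_locked),
                    ("6-char a-z0-9, offline", six_alnum)]:
        print(f"{name}: {keyspace(p.alphabet_size, p.length):,} combinations, "
              f"{seconds_to_exhaust(p):,.1f} s to exhaust")
    print("length for 10 years at 1e9/s, 36 values:", min_length(36, 1e9, TEN_YEARS))
    print("length for 10 years at 1e9/s, 95 values:", min_length(95, 1e9, TEN_YEARS))
```

Under these assumed figures the lockout rule changes the PIN result far more than any realistic increase in PIN length would, while at an offline rate only length and alphabet size matter.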

Ultimately, however, a sustained brute force attack will always succeed.

If your password is strong then the time for success may be years but remember that computers are becoming quicker and more sophisticated by the day.

Make your password as difficult to guess as possible, in order to avoid dictionary attacks, and make it long, with a combination of letters, numbers and symbols. You will then, if nothing else, have given yourself a level of protection that is more effective than most people have.


    Stu June 20, 2009 at 9:05 am

    Nice article and the point about making password long is a good one as is mixing up letters and numbers and throwing a few strange characters into the mix.
