In the last post I described how a hacker could use a dictionary attack to try to gain access to a password-protected system or file.
If such an attack fails, which is usually because the administrator has chosen a more effective password, then there is an alternative available, and that is a brute force attack.
A brute force attack is far more labour intensive than a dictionary attack because it involves trying every conceivable combination of letters, numbers and characters in order to determine what a password is.
There are a few factors which will determine the effectiveness of a brute force attack.
These factors are –
- The length of the password, longer obviously being harder to break
- The time available to try each different possibility
- The number of different values that each character position within the password may have
- Whether there is a security measure in place to block an attacker after x number of failed attempts at getting the password
DEFENDING AGAINST A BRUTE FORCE ATTACK
The best defence against a brute force attempt on your password is, perhaps, to make that password as long as possible.
Additionally, mixing numbers and letters, as well as characters, will make it far harder to guess the password.
For example, with a four-digit PIN there are only 10 possible values (the digits 0 – 9) for each of the four positions required.
10 x 10 x 10 x 10 means that there are 10,000 possible combinations for any given PIN.
However, a six-character password, using letters and numbers only, has far more possible answers –
10 digits plus 26 letters equals 36 different values,
36 x 36 x 36 x 36 x 36 x 36 means 2,176,782,336 different combinations.
Obviously making the password longer than six characters and adding symbols will yield even more than those 2 billion combinations.
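The arithmetic above, together with the other factors listed earlier (attacker speed and a lockout after a number of failed attempts), can be turned into a small calculator. This is an added example and not code from the original post; the 32-symbol character set, the guessing speeds and the lockout policy in the demonstration are assumptions chosen for illustration.

```python
from typing import Optional

# Character-set sizes from the post's own examples, plus one assumed larger set
DIGITS = 10                              # PIN: 0-9
ALNUM = 10 + 26                          # digits plus 26 letters, as in the post
MIXED_WITH_SYMBOLS = 10 + 26 + 26 + 32   # assumption: digits, both cases, 32 symbols

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` positions,
    each drawn from `charset_size` possible values."""
    return charset_size ** length

def effective_rate(guesses_per_second: float,
                   lockout_threshold: Optional[int] = None,
                   lockout_seconds: float = 0.0) -> float:
    """Sustained guesses per second once a lockout policy is accounted for.
    A burst of `lockout_threshold` failures is followed by `lockout_seconds`
    of enforced waiting, so the long-run rate is bounded by
    threshold / (time to fire the burst + lockout wait)."""
    if lockout_threshold is None or lockout_seconds <= 0:
        return guesses_per_second
    burst_time = lockout_threshold / guesses_per_second
    return lockout_threshold / (burst_time + lockout_seconds)

def seconds_to_exhaust(charset_size: int, length: int,
                       guesses_per_second: float,
                       lockout_threshold: Optional[int] = None,
                       lockout_seconds: float = 0.0) -> float:
    """Worst-case time to try every password in the keyspace."""
    rate = effective_rate(guesses_per_second, lockout_threshold, lockout_seconds)
    return keyspace(charset_size, length) / rate

def describe(seconds: float) -> str:
    """Human-readable duration for the printed comparison."""
    if seconds < 3600:
        return f"{seconds:.0f} seconds"
    if seconds < 86400 * 365:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / (86400 * 365):.1f} years"

if __name__ == "__main__":
    # Assumed attacker speeds: an online login form vs. an offline cracking rig
    ONLINE, OFFLINE = 1_000, 1e9
    print("4-digit PIN, offline:      ", describe(seconds_to_exhaust(DIGITS, 4, OFFLINE)))
    print("4-digit PIN, 5-try lockout:", describe(seconds_to_exhaust(DIGITS, 4, ONLINE, 5, 300)))
    print("6-char alnum, offline:     ", describe(seconds_to_exhaust(ALNUM, 6, OFFLINE)))
    print("12-char mixed, offline:    ", describe(seconds_to_exhaust(MIXED_WITH_SYMBOLS, 12, OFFLINE)))
```

The comparison shows why a lockout policy matters as much as length for anything guessed through a login form, while an offline attack against a stolen hash is limited only by keyspace and hardware.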
Ultimately, however, a sustained brute force attack will always succeed.
If your password is strong then the time for success may be years but remember that computers are becoming quicker and more sophisticated by the day.
Make your password as difficult to guess as possible, in order to avoid dictionary attacks, and make it long and a combination of letters, numbers and symbols; you will, if nothing else, have given yourself a level of protection that is more effective than most people have.