Brute force attack

From Imperial Wiki
Revision as of 18:46, 4 December 2007 by Ted C

A brute force attack is a computer cracking technique in which the attacker uses an automated program to try every possible combination for a password or other code in a short period of time. In theory, such an attack will always succeed if given enough time.

Countermeasures

One solution to brute force attacks is to disallow further attempts to enter a password after a small number of failures. For instance, an access point may allow only three attempts to log in using a particular user account before locking the account; a brute force attack would in all likelihood fail thousands of times before finding the correct code, so it would not be able to gain access.

Another solution is to simply increase the length and complexity of pass codes. To succeed, the attacking program must be able to attempt all possible pass codes in a reasonable amount of time. For example, a four-digit pass code has only 10,000 possible combinations; if a brute force attack program can try 1,000 combinations per second, it will gain access within ten seconds. An eight-digit pass code has 100 million possible combinations; it would take the same attacking program nearly 28 hours to try them all. By increasing the length and complexity of pass codes, it is possible to make trying every combination impractical for any computer.
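Both countermeasures above can be checked in a few lines. The following Python sketch is an added example, not part of the original article: it implements the three-attempt lockout and the exhaustive-search time estimate. The class and function names and the account "alice" with code "7291" are constructed for illustration.

```python
import hmac
from itertools import product


class LockoutGuard:
    """Counts failed logins per account and locks after max_failures."""

    def __init__(self, credentials, max_failures=3):
        # Constructed demo store; a real system keeps salted password hashes.
        self._credentials = dict(credentials)
        self._failures = {}
        self._max = max_failures  # three attempts, as in the article's example

    def attempt(self, user, code):
        """Return 'ok', 'denied' or 'locked'; a locked account is never checked."""
        if self._failures.get(user, 0) >= self._max:
            return "locked"
        expected = self._credentials.get(user, "")
        # Constant-time comparison avoids leaking how many characters matched.
        if user in self._credentials and hmac.compare_digest(
                expected.encode(), code.encode()):
            self._failures.pop(user, None)  # a success resets the counter
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time needed to try every code of this length at a fixed guess rate."""
    return alphabet_size ** length / guesses_per_second


def guesses_checked_before_lock(guard, user, length=4):
    """Submit every numeric code in order; count how many the guard evaluated."""
    checked = 0
    for digits in product("0123456789", repeat=length):
        if guard.attempt(user, "".join(digits)) == "locked":
            break
        checked += 1
    return checked


if __name__ == "__main__":
    guard = LockoutGuard({"alice": "7291"})  # constructed account and code
    print("guesses evaluated:", guesses_checked_before_lock(guard, "alice"))
    print("4 digits, seconds:", worst_case_seconds(10, 4, 1000))
    print("8 digits, hours:  ", worst_case_seconds(10, 8, 1000) / 3600)
```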