• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Cryptology FAQs
• What is cryptology?
• What is cryptography?
• What is cryptanalysis?
• What are plaintext and ciphertext?
• What are symmetric and asymmetric ciphers?
• What are block and stream ciphers?
• What are substitution and transposition ciphers?
• What is a chosen plaintext attack?
• What is a known plaintext attack?
• What is a known ciphertext attack?
• What is a dictionary attack?
• What is a brute force attack?
• What is rubber hose cryptology?
• What is a message digest?
• What is PKI?
• What are the PKI authorities?
• What is a digital certificate?
• What is a PKI certificate?
• What is a certificate authority?
• What is x.509?
• What is a root certificate?
• What is a root certificate update?
• What is a digital signature?
• What is MD5?
• What is PGP?
• What is GPG?
• How can I encrypt an entire disk?
• How does MS Access Encryption work?
• What are cryptographic algorithms?
• What is ROT-13?
• What is XOR encryption?
• What is a one-time pad?
• What is DES?
• What is RC4?
• What is RSA?
• What is Diffie-Hellman?
• What is AES (Rijndael)?
• What are cryptographic libraries?
• What is steganography?
• What is a wordlist?
• What is S/MIME?
• What is SHA-1?
• What is XOR?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

What is a Brute Force Attack?

A brute force attack consists of trying every possible code, combination, or password until you find the right one.

Determining the Difficulty of a Brute Force Attack

The difficulty of a brute force attack depends on several factors, such as:

• How long can the key be?
• How many possible values can each component of the key have?
• How long will it take to attempt each key?
• Is there a mechanism which will lock the attacker out after a number of failed attempts?

As an example, imagine a system which only allows 4 digit PIN codes. This means that there are a maximum of 10,000 possible PIN combinations.

Increasing Security Against a Brute Force Attack

From the example above, PIN security could be increased by:

• Increasing the length of the PIN
• Allowing the PIN to contain characters other than numbers, such as * or #
• Imposing a 30 second delay between failed authentication attempts
• Locking the account after 5 failed authentication attempts

A brute force attack will always succeed, eventually. However, brute force attacks against systems with sufficiently long key sizes may require billions of years to complete.

Brute Force Attacks vs. Dictionary Attacks

In most cases, a dictionary attack will work more quickly than a brute force attack. A brute force attack is, however, more certain to achieve results eventually than a dictionary attack.

Purchase these excellent books on cryptology at Amazon.com

Bookmark What is a Brute Force Attack?

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum