• Main Menu
  • Brute Force Attack

    A brute force attack consists of trying every possible code, combination, or password until the right one is found.

    Determining the Difficulty of a Brute Force Attack

    The difficulty of a brute force attack depends on several factors, such as:

    • How long can the key be?
    • How many possible values can each key component have?
    • How long will it take to attempt each key?
    • Is there a mechanism that will lock the attacker out after a number of failed attempts?

    As an example, imagine a system that only allows 4 digit PIN codes. This means that there are a maximum of 10,000 possible PIN combinations.

    Increasing Security against a Brute Force Attack

    From the example above, PIN security could be increased by:

    • Increasing the PIN’s length
    • Allowing the PIN to contain characters other than numbers, such as * or #
    • Imposing a 30 second delay between failed authentication attempts
    • Locking the account after 5 failed authentication attempts

    A brute force attack will always succeed, eventually. However, brute force attacks against systems with sufficiently long key sizes may require billions of years to complete.

    Brute Force Attacks vs. Dictionary Attacks

    In most cases, a dictionary attack will work more quickly than a brute force attack. A brute force attack is, however, more certain to achieve results eventually than a dictionary attack.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    1. ayesha

      25 December, 2011 at 4:10 am

      I need a real example of brute force attack. will u send me such type of example in mail box???

    2. Juniper

      27 May, 2011 at 11:47 pm

      What can you do if you are locked out of a site due to an attempted brute force attack being detected?

      • marlon

        28 May, 2011 at 5:31 am

        You should immediately contact your hosting services support regarding this issue to request for an investigatigation of the issue and/or reset your password.

        • Juniper

          28 May, 2011 at 11:26 pm

          Have had my password reset, and can login from another computer, but cannot login from the computer where the the attack was detected. Thanks for your reply.

    3. Angel

      29 December, 2010 at 8:16 pm

      I need to know who the author is because it’s a good article i need to use for a project thank you

      • memenode

        5 January, 2011 at 10:07 pm

        You can just quote “Tech-FAQ.com” as the author.

    183 queries in 0.601 seconds.