What is Brute Force Attack in Cryptography?

A brute force attack or brute force cracking is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.

In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner).

Unlike hacks that focus on vulnerabilities in software, a brute force attack is the simplest kind of method for gaining access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed ‘inelegant’, these attacks can be very successful when people use passwords like ‘123456’ and usernames like ‘admin.’


For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers.

An attack of this nature can be time- and resource-consuming, hence the name “brute force attack”: success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.

Although a brute-force attack may be able to gain access to an account eventually, these attacks can take several hours, days, months, and even years to run. The time to complete an attack depends on the password, the strength of the encryption, how well the attacker knows the target, and the strength of the computer(s) used to conduct the attack.

To help prevent dictionary brute-force attacks, many systems only allow a user to make a mistake by entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.


How to protect yourself from these types of attacks?

1. Requiring users to have complex passwords
2. Limiting the number of times a user can attempt to log in
3. Temporarily locking out users who exceed the specified maximum number of login attempts
4. Things to avoid when choosing a password:

  • Any permutation of your own real name, username, company name, or name of your website.
  • A word from a dictionary, in any language.
  • A short password.
  • Any numeric-only or alphabetic-only password (a mixture of both is best).
5. Don’t use the ‘admin’ username.
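
The attempt limit and temporary lockout from items 2 and 3 above, as an added Python example that is not from the original article. The sample account, the names `hash_password`, `verify` and `LoginThrottle`, and the 15-minute lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def hash_password(password, salt=b"constructed-salt"):
    # A per-user random salt is needed in practice; fixed here for the sample.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (hypothetical user and password).
USERS = {"alice": hash_password("correct horse battery staple")}

def verify(username, password):
    # Hash even for unknown users so both paths do the same work.
    stored = USERS.get(username, b"\x00" * 32)
    return hmac.compare_digest(stored, hash_password(password))

class LoginThrottle:
    """Counts consecutive failures per username and locks out temporarily."""

    def __init__(self, verify, max_attempts=3, lockout_seconds=900,
                 clock=time.monotonic):
        self.verify = verify
        self.max_attempts = max_attempts        # page: "three or four times"
        self.lockout_seconds = lockout_seconds  # assumed 15 minutes
        self.clock = clock                      # injectable for testing
        self.failures = {}                      # username -> failure count
        self.locked_until = {}                  # username -> unlock time

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if now < self.locked_until.get(username, 0.0):
            # Do not check the password while locked: a correct guess must
            # look the same as a wrong one until the lockout expires.
            return "locked"
        if self.verify(username, password):
            self.failures.pop(username, None)   # success resets the counter
            self.locked_until.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        if count >= self.max_attempts:
            self.locked_until[username] = now + self.lockout_seconds
            count = 0                           # fresh budget after expiry
        self.failures[username] = count
        return "denied"
```

Because the counter is keyed on the username, anyone can lock a known account by submitting wrong passwords, which is why many deployments also throttle per source address.
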

Mathematically, brute force is a straightforward approach to solving a problem based on the problem’s statement and the definitions of the concepts involved. It is considered one of the easiest approaches to apply and is useful for solving small-size instances of a problem.

Example 1: Computing $a^n$ ($a > 0$, $n$ a nonnegative integer) based on the definition of exponentiation:
$a^n = a \cdot a \cdot a \cdots a$
The brute force algorithm requires $n-1$ multiplications.
The recursive algorithm for the same problem, based on the observation that $a^n = a^{n/2} \cdot a^{n/2}$, requires $\Theta(\log n)$ operations.

Example 2: Computing $n!$ based on the definition $n! = 1 \cdot 2 \cdot 3 \cdots n$. The algorithm requires $\Theta(n)$ operations.

Another example is brute-force string matching: searching for the pattern GCAGAGAG in the text GCATCGCAGAGAGTATACAGTACG. In each attempt the pattern is shifted one position to the right, and the digits under the text number the character comparisons made in that attempt.

First attempt
GCATCGCAGAGAGTATACAGTACG
1234
GCAGAGAG
Second attempt
GCATCGCAGAGAGTATACAGTACG
 1
 GCAGAGAG
Third attempt
GCATCGCAGAGAGTATACAGTACG
  1
  GCAGAGAG
Fourth attempt
GCATCGCAGAGAGTATACAGTACG
   1
   GCAGAGAG
Fifth attempt
GCATCGCAGAGAGTATACAGTACG
    1
    GCAGAGAG
Sixth attempt
GCATCGCAGAGAGTATACAGTACG
     12345678
     GCAGAGAG
Seventh attempt
GCATCGCAGAGAGTATACAGTACG
      1
      GCAGAGAG
Eighth attempt
GCATCGCAGAGAGTATACAGTACG
       1
       GCAGAGAG
Ninth attempt
GCATCGCAGAGAGTATACAGTACG
        12
        GCAGAGAG
Tenth attempt
GCATCGCAGAGAGTATACAGTACG
         1
         GCAGAGAG
Eleventh attempt
GCATCGCAGAGAGTATACAGTACG
          12
          GCAGAGAG
Twelfth attempt
GCATCGCAGAGAGTATACAGTACG
           1
           GCAGAGAG
Thirteenth attempt
GCATCGCAGAGAGTATACAGTACG
            12
            GCAGAGAG
Fourteenth attempt
GCATCGCAGAGAGTATACAGTACG
             1
             GCAGAGAG
Fifteenth attempt
GCATCGCAGAGAGTATACAGTACG
              1
              GCAGAGAG
Sixteenth attempt
GCATCGCAGAGAGTATACAGTACG
               1
               GCAGAGAG
Seventeenth attempt
GCATCGCAGAGAGTATACAGTACG
                1
                GCAGAGAG

The Brute Force algorithm performs 30 character comparisons on the example.
