Brute Force Attack
An attack method that systematically tries all possible combinations to crack passwords or encryption
Also known as: Brute Force, Exhaustive Search Attack
Category: Concepts
Tags: security, attacks, passwords, credentials, cybersecurity
Explanation
A brute force attack is a trial-and-error attack that systematically tries every possible key, password, or input until the correct one is found. Exhaustive search is guaranteed to succeed eventually, but its cost grows exponentially with the size of the secret: each extra bit of key length doubles the work, and each extra character of password length multiplies it by the size of the character set. The name refers to the method's reliance on raw computational power rather than on any weakness in the algorithm being attacked.
Pure brute force enumerates every string over a character set, typically shortest candidates first, so that weak short secrets fall quickly. In practice attackers narrow the search with variants: dictionary attacks (trying lists of common passwords and leaked credentials), hybrid attacks (appending or prepending digits and symbols to dictionary words), and reverse brute force, also called password spraying (trying one common password against many usernames, which also sidesteps per-account lockouts). Attacks run either online, against a live login endpoint where every guess is a request the defender can see and throttle, or offline, against stolen password hashes where the only limit is hardware. Modern GPU clusters can test billions of candidates per second against fast, unsalted hashes such as MD5, SHA-1 or NTLM; against a properly tuned slow hash the same hardware manages only thousands.
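The variants above, as an added example written for this page (not code from the original text): a dictionary pass, a hybrid pass, an exhaustive pass and a reverse brute force pass, all against unsalted SHA-1, the fast hash that made the LinkedIn dump so cheap to crack. The wordlist, the target passwords and the three accounts are constructed sample data, and the function names are this example's own.

```python
import hashlib
import itertools
import string
import time


def keyspace_size(alphabet_size: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len over an alphabet of the given size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: fast to compute, so fast to attack (the LinkedIn 2012 scheme)."""
    return hashlib.sha1(password.encode()).hexdigest()


def dictionary_candidates(words):
    """Dictionary attack: try each wordlist entry as-is."""
    yield from words


def hybrid_candidates(words, max_digits: int = 4):
    """Hybrid attack: each word, then the word followed by every number below 10**max_digits."""
    for word in words:
        yield word
        for n in range(10 ** max_digits):
            yield f"{word}{n}"


def exhaustive_candidates(alphabet: str, max_len: int):
    """Pure brute force: every string over the alphabet, shortest first."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)


def crack(target_hex: str, candidates, hash_fn=sha1_hex):
    """Hash each candidate and compare; return (password, attempts) or (None, attempts)."""
    attempts = 0
    for candidate in candidates:
        attempts += 1
        if hash_fn(candidate) == target_hex:
            return candidate, attempts
    return None, attempts


def reverse_brute_force(user_hashes: dict, password: str, hash_fn=sha1_hex):
    """Reverse brute force / password spraying: one guess checked against every account."""
    guess = hash_fn(password)
    return [user for user, stored in user_hashes.items() if stored == guess]


def hashes_per_second(hash_fn=sha1_hex, samples: int = 100_000) -> float:
    """Rough single-core throughput of hash_fn in this interpreter; GPUs are orders of magnitude faster."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(str(i))
    return samples / (time.perf_counter() - start)


# Constructed sample data (not from any real breach): a tiny wordlist and three accounts.
WORDLIST = ["password", "letmein", "summer", "welcome"]
ACCOUNTS = {
    "alice": sha1_hex("Welcome1"),
    "bob": sha1_hex("hunter2"),
    "carol": sha1_hex("Welcome1"),
}


def demo():
    """Run each variant against a constructed target and return the outcomes."""
    results = {}
    target = sha1_hex("summer2012")  # the secret the attacker does not know
    results["dictionary"] = crack(target, dictionary_candidates(WORDLIST))   # misses: bare word only
    results["hybrid"] = crack(target, hybrid_candidates(WORDLIST))           # hits after ~22k guesses
    results["exhaustive"] = crack(sha1_hex("abcd"), exhaustive_candidates(string.ascii_lowercase, 4))
    results["keyspace_lower_8"] = keyspace_size(26, 8)
    results["keyspace_printable_8"] = keyspace_size(95, 8)                   # printable ASCII
    results["sprayed"] = reverse_brute_force(ACCOUNTS, "Welcome1")           # two accounts share it
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    rate = hashes_per_second()
    print(f"~{rate:,.0f} SHA-1/s in pure Python; 95^8 keyspace at that rate: "
          f"{keyspace_size(95, 8) / rate / 86400:,.0f} days")
```

The attempt counts returned by `crack` are the point: the dictionary pass fails outright, the hybrid pass recovers `summer2012` in about 22,000 guesses, and even the exhaustive pass finds a four-letter lowercase password in under 20,000, all within a second in pure Python. Run the same keyspace arithmetic against the printable-ASCII count for eight characters and the GPU rates quoted above to see why length, not character-set cleverness, is what buys time.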
Notable examples include the 1998 cracking of a 56-bit DES key by the Electronic Frontier Foundation's purpose-built "Deep Crack" machine, which demonstrated that DES key lengths were no longer adequate and pushed adoption of longer keys. The 2012 LinkedIn breach exposed 6.5 million passwords stored as unsalted SHA-1 hashes, most of which were cracked within days. The 2014 iCloud celebrity photo leak was reportedly aided by an Apple login endpoint that lacked rate limiting, allowing unlimited password guesses against targeted accounts.
Defenses against brute force attacks address both the online and the offline case. For online attacks: rate limiting per source and per account, CAPTCHA or proof-of-work challenges after a few failures, account lockout with increasing delays, and multi-factor authentication (MFA), which turns a guessed password into a partial rather than a complete compromise. Lockout on its own is a double-edged control, since an attacker who knows a username can deliberately lock the victim out, so key it on source address as well as account and prefer progressive delays to hard locks. For offline attacks, the hash format is the defense: a per-user salt (so one guess cannot be checked against every account at once) and a deliberately slow, memory-hard algorithm such as Argon2, bcrypt or scrypt, which cuts attacker throughput from billions of guesses per second to thousands. Strong password policies should emphasize length over composition rules, and monitoring for bursts of failed logins or one password tried across many accounts catches spraying that per-account limits miss. Password managers help users keep unique, long passwords per service, which limits the damage of credential reuse when another site is breached.
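The two halves of the defense, as an added example written for this page (not code from the original text): a salted, slow password hash for the offline case, and a login guard with exponential backoff keyed on both username and source address for the online case. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt or Argon2 so the example runs without extra packages; the iteration count is an assumption (OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000), the source addresses are RFC 5737 documentation addresses, and the class and function names are this example's own.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict
from typing import Optional

# Assumed iteration count; tune so one verification costs a few hundred milliseconds.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, self-describing so parameters can be raised later."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def slowdown_factor(iterations: int = 100_000, samples: int = 2_000) -> float:
    """How many raw SHA-256 calls fit in the time of one PBKDF2 verification (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.sha256(str(i).encode()).digest()
    per_fast_hash = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"benchmark", b"0123456789abcdef", iterations)
    return (time.perf_counter() - start) / per_fast_hash


class LoginGuard:
    """Counts consecutive failures per (user, source IP) and locks with exponential backoff.
    Keying on the IP as well as the username limits the denial of service an attacker
    can cause by deliberately locking a victim's account."""

    def __init__(self, max_failures: int = 5, base_lockout: float = 30.0, max_lockout: float = 3600.0):
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self._failures = defaultdict(int)   # key -> consecutive failures since last lockout
        self._lockouts = defaultdict(int)   # key -> number of lockouts so far (drives backoff)
        self._locked_until = {}             # key -> time at which the lock expires

    @staticmethod
    def _key(user: str, ip: str):
        return (user.lower(), ip)

    def is_locked(self, user: str, ip: str, now: float) -> bool:
        until = self._locked_until.get(self._key(user, ip))
        return until is not None and now < until

    def record_failure(self, user: str, ip: str, now: float) -> float:
        """Register a failed guess; returns the lockout duration applied (0 if none yet)."""
        key = self._key(user, ip)
        self._failures[key] += 1
        if self._failures[key] < self.max_failures:
            return 0.0
        self._lockouts[key] += 1
        delay = min(self.base_lockout * 2 ** (self._lockouts[key] - 1), self.max_lockout)
        self._locked_until[key] = now + delay
        self._failures[key] = 0
        return delay

    def record_success(self, user: str, ip: str) -> None:
        key = self._key(user, ip)
        for table in (self._failures, self._lockouts, self._locked_until):
            table.pop(key, None)


# Verified for unknown usernames, with the same parameters as real entries, so that
# response time does not reveal whether an account exists.
DUMMY_HASH = hash_password("not-a-real-password")


def attempt_login(guard: LoginGuard, store: dict, user: str, ip: str, password: str, now: float) -> str:
    """The check a login endpoint would run; returns 'locked', 'bad' or 'ok'."""
    if guard.is_locked(user, ip, now):
        return "locked"           # do not even touch the hash: the guess costs the attacker a wait
    stored = store.get(user)
    matched = verify_password(password, stored if stored is not None else DUMMY_HASH)
    if matched and stored is not None:
        guard.record_success(user, ip)
        return "ok"
    guard.record_failure(user, ip, now)
    return "bad"


if __name__ == "__main__":
    store = {"alice": hash_password("correct horse battery")}   # constructed account
    guard = LoginGuard(max_failures=3, base_lockout=30.0)
    for t, pw in enumerate(["wrong1", "wrong2", "wrong3", "correct horse battery"]):
        print(t, attempt_login(guard, store, "alice", "203.0.113.7", pw, now=float(t)))
    print("one PBKDF2 check costs about", round(slowdown_factor()), "raw SHA-256 computations")
```

Time is passed in explicitly so the lockout logic is testable without sleeping; a real endpoint would pass `time.monotonic()`. The `slowdown_factor` measurement is what the "slow hashing" advice means in numbers: a guess against the PBKDF2 store costs the attacker roughly the iteration count in SHA-256 evaluations, and that multiplier applies to every one of the billions of guesses per second a GPU would otherwise make.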