Network Security: What Is A Brute Force Attack?

A method of breaking a cipher (that is, to decrypt a specific encrypted text) by trying every possible key. The quicker the brute force attack, the weaker the cipher. Feasibility of brute force attack depends on the key length of the cipher, and on the amount of computational power available to the attacker. Brute force attack is impossible against the ciphers with variable-size key, such as a one-time pad cipher.” — dictionary.com

Basically, a Brute Force Attack is an automated method of using lists of user names and passwords in every possible combination until a valid pair is discovered. Obviously this can take a long time for two reasons. The lists of user names and of passwords may be very long, and every combination means an exponential number of attempts. Also, most brute force programs allow sequential combinations of alphanumeric characters, such as aa, ab, ac, ad etc. Longer and more complex user names and passwords make it tougher for brute force attacks to be effective. A username of “a” and a password of “a” would be discovered quickly. The faster the target server allows attempts, and the more connections allowed simultaneously, the more attacks can be tried simultaneously, so the more efficient you are, the more efficient the hacker will be.

Brute Force Attacks are very effective against older systems and older technologies. There are ways to defunct Brute Force Attacks that can be very effective for securing your site and your information. The first best method of protection is to limit the number of connections from any single user at the same time. Limit the number of failed attempts before the user’s IP is temporarily disabled. Log such attempts that fail and alert an admin if the number reaches some limit. An experienced web developer or programmer can help prevent such attacks from being successful. Better yet, an Internet Security specialist can do even more to protect you.

Leave a Reply