To do something the hard, slow way; without diplomacy. In computers, a programming technique which relies on raw speed and power of the computer to do a mathemathical calculation using an unconventional method, as opposed to a more elegant, simpler method.
Creating a program that uses a mathmatically simple system that takes longer rather than a shortcut, common in mathematics, in the name of simply getting the program written faster.
“I was on deadline so I had the program search the database by brute force rather than doing a boolean search.”
A brute force attack by a cracker may systematically try all possible password combinations until the unknown code is found and authentication is approved. It is often used in order to decrypt a message without knowing the right key. A non-brute force method, in this case, would be to simply find a mathematical weakness in the system used to hide the information.
- Example: Imagine your Bank ATM allowed thieves to try each and every combination of your PIN, instead of locking your account after three tries. With 10,000 possible pins, it would take a long time to punch in each and every one. And it is more likely that they will accidentally happen upon the correct pin before trying all 10,000. A computer, meanwhile, can run through 10,000 possible keys in a matter of minutes. If you were allowed to use 8 character pins, the difficulty would increase to 100,000,000 keys which would take a computer many hours, even days to try them all. Using letters and special characters (#,$,&,+) increases this number significantly.
This process is in use now with operations like the Distributed.net (http://www.distributed.net) distributed computing project and EFF‘s DES cracker (http://www.eff.org/descracker.html). A common use is an attack used on the very weak (http://www.securiteam.com/securitynews/5LP0A0096O.html) ZIP and Microsoft Word (DOC) file encryption.
Brute force attacks are always successful if given enough time against symetric and public-key cryptosystems files – sometimes too long; cracking some files could take hundreds of years. Exceedingly long, randomized passwords also increase time to crack.
The attack is useless against the One-time Pad Cryptosystem since there is no way to determine if a successful key was found – the file in question could just as easily be this paragraph or the word “cat,” as taking messages from random data is not conclusive.
Brute-Force decryption tools
- LostPassword.com (http://www.lostpassword.com)
- ElcomSoft Co.Ltd. – Password Recovery Software (http://www.elcomsoft.com)
- AccessData – Password Breakers (http://www.accessdata.com/)
A type of attack on Internet servers. Simply trying every possible password for a computer’s log in.
This can be defended against if remote log-in attempts are restricted to only three tries under a given user ID. After three failed attempts, the login’s source IP would be frozen from trying to gain access for up to 30 seconds. This allows only 6 keys to be tried every minute.
In terms of attempts to guess password, a PKZIP 2.04g-encrypted .zip archive file can be decrypted by attempting around 1,200 keys can be tried every minute, depending on computer speed. With both systems, an eventual key would be found but, with 6 passwords attempted every minute, the attacker would need some previous indication of what the original password is.
TakeDown.NET -> “Brute-force”