Brute force attack

Introduction

Deep Crack, a circuit dedicated to the brute force attack of DES.

The brute force attack is a method used in cryptanalysis to find passwords or keys. It consists of trying all possible combinations one by one. This search method only succeeds if the password being searched contains more than one character. Brute force programs attempt to try all possible passwords in random order to fool security software that prevents them from trying all passwords in order.

To counter this method, simply choose long passwords or sufficiently large keys. The attacker will then need a lot of time to find the correct password. This method is very sensitive to the computing power of the machines executing the algorithm.

This method is often combined with dictionary attacks and rainbow tables to find the secret faster.

Mathematical explanation

If a password contains $N$ independent (the presence of one character does not affect another) and uniformly distributed (no character is favoured) characters, the maximum number of tests required is:

  • $26^N$ if the password contains only letters of the alphabet, all lowercase or all uppercase;
  • $52^N$ if the password consists only of letters of the alphabet, with a mix of lowercase and uppercase letters;
  • $62^N$ if the password mixes upper and lower case letters as well as numbers.

In general, it is enough to raise the size of the “alphabet” that is actually used to the power $N$. This is an upper bound; on average, it takes half as many tries to find the password (if it is random). In reality, very few passwords are completely random, and the number of attempts is well below the above limits (due to the possibility of a dictionary attack).

The table below gives the maximum number of trials required to find passwords of different lengths.

| Type | 3 characters | 6 characters | 9 characters |
|---|---|---|---|
| lowercase letters | 17,576 | 308,915,776 | $5.4 \times 10^{12}$ |
| lowercase letters and numbers | 46,656 | 2,176,782,336 | $1.0 \times 10^{14}$ |
| lowercase, uppercase and numbers | 238,328 | $5.6 \times 10^{10}$ | $1.3 \times 10^{16}$ |

A personal computer is capable of testing several hundred thousand or even several million passwords per second. This depends on the algorithm used for protection, but we find that a password of only 6 characters, itself drawn from a set of 62 characters (lowercase or uppercase letters together with numbers), is not very resistant to such an attack.

In the case of keys used for encryption, the length is often given in bits. In this case the number of possibilities to be explored (if the key is random) is $2^N$, where $N$ is the length of the key in bits. A 128-bit key represents a limit that cannot be reached with current technology, and the attacker should consider other cryptanalytic solutions, if any. But it is necessary to take into account that hardware power is constantly evolving (see Moore’s law), and a message that cannot be deciphered at a certain time may be deciphered by the same type of attack ten years later.
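The formulas above can be turned around to size a password for a required resistance. The following is an added example, not part of the original article: it reproduces the table, then computes the smallest length that holds for a target time or matches a 128-bit key. The guessing rate of 5 million trials per second is an assumed sample value taken from the "several million" figure above, and all function names are hypothetical.

```python
import math

# Assumed guessing rate in trials per second, taken from the page's
# "several million passwords per second"; a constructed sample value.
RATE = 5_000_000
YEAR = 365 * 24 * 3600  # seconds in a year

def keyspace(alphabet: int, n: int) -> int:
    """Maximum number of trials: alphabet size raised to the power N."""
    return alphabet ** n

def average_trials(alphabet: int, n: int) -> int:
    """About half the keyspace, valid only for a uniformly random secret."""
    return keyspace(alphabet, n) // 2

def seconds_to_exhaust(alphabet: int, n: int, rate: int = RATE) -> float:
    """Worst-case search time at a constant guessing rate."""
    return keyspace(alphabet, n) / rate

def equivalent_bits(alphabet: int, n: int) -> float:
    """Length in bits of a random key with the same search space."""
    return n * math.log2(alphabet)

def min_length(alphabet: int, target_space: int) -> int:
    """Smallest N such that alphabet**N >= target_space (exact integers)."""
    n = 1
    while keyspace(alphabet, n) < target_space:
        n += 1
    return n

def min_length_for_time(alphabet: int, seconds: int, rate: int = RATE) -> int:
    """Smallest N whose full search lasts at least `seconds` at `rate`."""
    return min_length(alphabet, seconds * rate)

if __name__ == "__main__":
    for name, a in [("lowercase", 26), ("lowercase+digits", 36), ("mixed+digits", 62)]:
        print(f"{name:17}", [keyspace(a, n) for n in (3, 6, 9)])
    print("62 chars, N=6:", round(seconds_to_exhaust(62, 6) / 3600, 1), "hours,",
          round(equivalent_bits(62, 6), 1), "bits")
    print("N for 100 years:", {a: min_length_for_time(a, 100 * YEAR) for a in (26, 36, 62)})
    print("N matching a 128-bit key:", {a: min_length(a, 2 ** 128) for a in (26, 36, 62)})
```

These figures assume a constant rate and a uniformly random secret; hardware growth and dictionary attacks, both mentioned above, only shorten the real search time.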
