In the context of computer security, a brute force attack is a particular strategy used to break your lovingly crafted password. This is the most widely used method of cracking passwords and it involves running through all the possible permutations of keys until the correct key is found. For example, if your password is 2 characters long and consists of letters and numbers – and is case sensitive, then a brute force attacj would see a potential 3,844 different “guesses” at your password. This is because:
- First character: lower case letters (26) + upper case letters (26) + numbers (10) = 62
- Second character: same = 62
- Total permutations = 62*62 = 3,844
You can see that the longer the password, the more “guesses” and time are needed for the brute force attack to be successful.
Brute Force Attack Assumptions
Here assumptions is the wrong word, but you’ll see why as we proceed. To cut down the time it takes to find the correct password, the cracking algorithm will look for popular patterns in words. For example, if the password is “millford”, the following will be tried first:
These guesses take precedence, because they are more popular ways of representing the password. That is, the crackers take into account human behaviour. If the password was MilLFoRd, it would eventually get cracked, but it would take more time. Cracking algorithms also take into account the tendency of people to make their passwords easy to remember, by incorporating meaningful sequences of characters – like real words. This gives the cracker an opportunity to make educated gueses using these predictable patterns of characters. The brute force attacke will still try every permutation of characters, but it will start with commonly used ones first, in an attempt to reduce the time it takes to crack the password.
How Long Does It Take To Crack A Password
The time required to crack a password is dependant on:
- How long the password is.
- How many characters are allowed in each position (uppercase, lowercase, numbers, special characters).
This post is still in progress, but in the meantime, check out thie following info on: