A brute force attack is a method of finding someone’s password or cryptographic key in order to gain access to an online service, personal data or computer.
Principle of the brute force attack
This attack, very simple in principle, consists of trying all possible combinations until the right one is found. The method is remarkably effective, and in principle no algorithm can resist it.
What is uncertain about a brute force attack is the time required to find the right combination. This variable depends both on the length of the password or encryption key and on the power of the computer hardware. A brute force attack can take minutes to years depending on the complexity of the code to be deciphered.
Different forms of Brute Force attack
There are various forms of brute force attack:
- Dictionary attack: Automated tools rely on a dictionary file of common words and their variants in dialect, slang or with misspellings;
- Rules-based attacks: use rules to test password variations using, for example, part of the username;
- Attacks based on computing power: a personal computer is capable of testing hundreds of thousands of combinations per second; when this is no longer sufficient, the attackers can resort to distributed computing by making several machines work in concert; it also happens that hackers use botnets that they rent for the necessary time.
How to Prevent Brute Force
Use strong passwords
Only a strong password, the complexity of which could require several years of analysis, is likely to constitute effective protection.
It must combine lowercase and uppercase letters, numbers, special characters (example: ,?;.:/!§%µ) and/or national characters such as accented letters. It is also strongly advised to renew the passwords regularly and not to use the same one to secure various accesses.
In the case of an encryption key, the length, which is expressed in bits, determines the maximum number of operations necessary for decryption. In symmetric cryptography, 128-bit keys are considered the minimum required to ensure proper security.
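A defender-side check that ties the three attack forms listed earlier to the password guidance above, as an added example that is not part of the original article. The sample wordlist, the guess rate of 500,000 per second, the allowance of 100 symbols for national characters and all function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist; a real check would load a large list of leaked passwords.
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "qwerty", "admin"}
# Undo common character substitutions, the "variants" a dictionary tool also tries.
LEET = str.maketrans("0134578@$!", "oleastbasi")
GUESSES_PER_SECOND = 500_000      # assumption: one PC, "hundreds of thousands" per second
SECONDS_PER_YEAR = 365 * 24 * 3600


def pool_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    if any(c not in string.printable for c in password):
        size += 100               # assumption: rough allowance for accented/national letters
    return size


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case whole years for pure brute force (pool_size ** length guesses)."""
    guesses = pool_size(password) ** len(password)
    return guesses // (rate * SECONDS_PER_YEAR)   # integer math, no float overflow


def audit(password, username):
    """Return the attack forms this password would fall to quickly (empty list = none)."""
    findings = []
    folded = password.lower().translate(LEET)
    if any(word in folded for word in COMMON_WORDS):
        findings.append("dictionary")     # common word, even with substitutions
    parts = [p for p in re.split(r"[^a-z0-9]+", username.lower()) if len(p) >= 3]
    if any(p.translate(LEET) in folded for p in parts):
        findings.append("rules")          # built from part of the username
    if years_to_exhaust(password) < 1:
        findings.append("exhaustive")     # search space too small
    return findings
```

A password such as `P@ssw0rd!2024` mixes all four character classes and has a huge theoretical search space, yet `audit` still flags it as a dictionary variant, which is why complexity rules alone are not a sufficient test.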
Use two-factor authentication (2FA)
If the application or website allows you to activate a 2FA method, do not hesitate to use it. With this method, it becomes very hard for any hacker to get into your system.
Use a complex Username or login name
Before starting a brute force attack, a hacker also has to find your login username. A complex username therefore makes it much more difficult for hackers to break into your account.