We’ve finally found the answer to the question about the meaning of life, but there’s a little problem: it’s on your roommate John’s computer. He also created a folder on the desktop “The meaning of life is…”, but it is encrypted with a password.
A voice in your head whispers: “brute force attack”.
“What is brute force?” you ask. “And who said that?”
Trying not to pay attention to the last question, you go ahead and ask John, “Hey, can you tell me the password? I also want to know the meaning of life.”
John refused and went to work. Just kidding, he doesn’t have a job.
Apart from annoying you, that is. However, he went out to buy beer, so you have time to figure out the password.
“Brute force attack,” the voice insists.
It’s not “John123” or “beer4me”. You called his mom, but it’s not “I love gingerbread cookies” either. Surprising, certainly. There are millions of combinations.
What do you do?
(BRUTE FORCE… Okay, okay – you cut off the voice and start a Google search.)
You find some fun brute force facts:
- Hacking attempts using brute force or dictionary attacks have increased by 400% in 2017.
- 86% of subscribers use passwords already leaked in other data breaches and available to attackers in plain text.
- “123456789” can be cracked 431 times in the blink of an eye, but “A23456789” takes about 40 years to crack.
- It can take 30-40,000 years to crack a 12-digit password.
- Brute force attacks use trillions of combinations to hijack your password.
- More than 290,000 people use the password “123456”.
What is the definition of brute force?
Brute force is an exhaustive search method that tries all possibilities to arrive at a solution to a problem. Without being able to guess or obtain the password, the only option left is to… crack it.
Brute force hacking uses a calculation algorithm that checks all possible combinations of passwords, so as the length of the password increases, the time it takes to crack the password also increases.
This is why brute force password attacks can take hundreds or even millions of years to complete.
Wondering how long it will take to crack your password?
Just avoid bragging by posting the real password. And change it, if it turns out to be too easy. Now we have to talk about the
Types of brute force attacks
Although each brute force attack has the same goal, different methods are used. The most common is the
dictionary attack
This goes through all the words in the dictionary to find the password. Commonly used passwords and phrases are also included in the search, so if your password is “password” or “123456”, it will take a couple of seconds to crack.
Reverse brute force attacks
These occur when the attacker has your password, but not your username. They use the same method as a normal brute force attack.
It is possible to launch an attack on both username and password, but it will take even longer, further reducing the chances of success.
Credential recycling
This is an attack where the hacker exploits an already hacked password. If someone can steal your YouTube password, they will definitely try to log in to Facebook, Twitter, etc. with the same credentials.
It’s best to use a unique password for each online account you have. However, it can be frustrating to remember all these details. Fortunately, we have password managers for that, some of which are even free.
How to use brute force?
The definition of brute force makes it really obvious how it can be achieved. With a little reading, you really need very little to do damage. There is also a lot of different software for this purpose. Let’s take a look at some of them.
John the Ripper
It is a popular brute force attack tool, which has been a favorite for a long time. It is completely free and supports 15 different platforms: Windows, DOS, OpenVMS, Unix, etc. John the Ripper has various password cracking features and can perform dictionary attacks.
RainbowCrack
This is a bit different from other brute force tools because it generates rainbow tables which are precalculated. This helps reduce the time it takes to execute the attack. The tool is still under active development and is available for Windows and Linux operating systems.
Cain and Abel
You can use this tool for network sniffing, recording of VoIP conversations, decryption of encrypted passwords and more. Antivirus software like Avast detects it as malware, so you would have to disable your antivirus before you start.
DaveGrohl
A brute force attack tool for Mac OS. It is open source and has a mode that allows you to attack the same password from multiple computers. This makes guessing the password even faster.
Crack
One of the oldest password cracking tools. It only works on UNIX systems. Its strategies include checking for weak passwords and performing dictionary attacks.
Hashcat
It claims to be the fastest CPU based password cracking tool. It can be used on Windows, Linux and Mac platforms and is completely free. Widely known for the wide range of options including: dictionary, brute force, hybrid attacks and more. Hashcat uses more than 230 algorithms.
Aircrack-ng
This is a popular wireless password guesser, available for Windows and Linux and has also been adapted to work on iOS and Android. With the tool, you can effectively find the password of a wireless network.
Now you know the tools, but there is more…
Having an upgraded Central Processing Unit (CPU) and Graphics Processing Unit (GPU) can greatly benefit a brute force attack.
The number of attempts you can make per second is critical to the process. A CPU core is generally much faster than a GPU core, but a GPU is great at processing math. Multiple GPUs can increase your speed with no upper limit.
For example, to crack an 8-character password on a CPU, it will take (1.7 * 10^-6 * 52^8) seconds / 2, or 1.44 years. On a GPU this would only take about 5 days. On a supercomputer, this would take 7.6 minutes.
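The arithmetic above can be turned around to size a password policy. The following is an added example, not part of the original article: it reproduces the 1.44-year figure, derives the per-guess time implied by the quoted GPU and supercomputer times, and finds the shortest length that holds out for a target period. The 1000-year target and the 94-character alphabet are assumptions.

```python
# Added example: brute-force time estimates built on the article's figures.
SECONDS_PER_YEAR = 365 * 24 * 3600

CPU_SECONDS_PER_GUESS = 1.7e-6     # from the article
GPU_AVERAGE_SECONDS = 5 * 86400    # article: "about 5 days"
SUPER_AVERAGE_SECONDS = 7.6 * 60   # article: "7.6 minutes"


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def average_crack_seconds(alphabet_size, length, seconds_per_guess):
    """Expected time: on average half of the keyspace is searched."""
    return keyspace(alphabet_size, length) * seconds_per_guess / 2


def implied_seconds_per_guess(alphabet_size, length, average_seconds):
    """Invert the formula to get the guess cost behind a quoted time."""
    return 2 * average_seconds / keyspace(alphabet_size, length)


def min_length_for(alphabet_size, seconds_per_guess, target_years):
    """Shortest length whose average crack time reaches the target."""
    target = target_years * SECONDS_PER_YEAR
    length = 1
    while average_crack_seconds(alphabet_size, length, seconds_per_guess) < target:
        length += 1
    return length


def policy_report(target_years=1000):      # assumed target
    gpu = implied_seconds_per_guess(52, 8, GPU_AVERAGE_SECONDS)
    fast = implied_seconds_per_guess(52, 8, SUPER_AVERAGE_SECONDS)
    return {
        "cpu_years_8_letters": average_crack_seconds(52, 8, CPU_SECONDS_PER_GUESS)
        / SECONDS_PER_YEAR,
        "gpu_min_length_letters": min_length_for(52, gpu, target_years),
        # 94 = printable ASCII without the space (assumed alphabet)
        "gpu_min_length_printable": min_length_for(94, gpu, target_years),
        "supercomputer_min_length_letters": min_length_for(52, fast, target_years),
    }


if __name__ == "__main__":
    for name, value in policy_report().items():
        print(name, value)
```

Each extra character multiplies the work by the alphabet size, which is why a few more characters matter more than a faster machine.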
“Just because you’re paranoid doesn’t mean they’re not looking for you,” said Joseph Heller, so…
Here are some tips to prevent brute force attacks
We are still waiting for something on this planet to be fully protected. In the meantime, you can combine a couple of security measures.
Captcha
is a way of recognizing whether a computer or a human is trying to log in. I’m sure you’ve checked the “I’m not a robot” box many times. It makes sense now. But computers are smart. There are ways to teach the machine to simulate human behavior. Using captcha alone will not solve the problem.
Two-step authentication
is another useful way to ensure your privacy. Authentication commonly comes in the form of a code sent to your mobile phone. Just make sure you don’t lose your phone.
Limit login attempts
can add an extra layer of security. Web-based servers start displaying captcha if you type the wrong password three or more times. They can even block your IP address. This will make brute force even slower or completely useless.
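One way to implement the limit described above, as an added example that is not from the original article: failures are counted per key, so the caller can track both the source IP and the account name, which also covers the reverse brute force case of one password tried against many usernames. The captcha threshold of three comes from the text; the block threshold, time window, block duration and key names are assumptions.

```python
# Added example: failed-login throttle with captcha and temporary block.
import time
from collections import deque

CAPTCHA_AFTER = 3       # article: captcha after three wrong passwords
BLOCK_AFTER = 10        # assumed: failures before the key is blocked
WINDOW_SECONDS = 900    # assumed: failures older than this are forgotten
BLOCK_SECONDS = 3600    # assumed: how long a block lasts
_RANK = {"allow": 0, "captcha": 1, "block": 2}


class LoginThrottle:
    """Tracks failed logins per key, e.g. 'ip:203.0.113.7' or 'user:john'."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}       # key -> deque of failure timestamps
        self._blocked_until = {}  # key -> time at which the block expires

    def _recent_failures(self, key):
        now, q = self._clock(), self._failures.get(key)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()           # forget failures outside the window
        return len(q) if q else 0

    def _decide(self, key):
        if self._blocked_until.get(key, 0) > self._clock():
            return "block"
        if self._recent_failures(key) >= CAPTCHA_AFTER:
            return "captcha"
        return "allow"

    def check(self, *keys):
        """Strictest decision across all keys for the next attempt."""
        return max((self._decide(k) for k in keys), key=_RANK.get)

    def record_failure(self, *keys):
        for key in keys:
            self._failures.setdefault(key, deque()).append(self._clock())
            if self._recent_failures(key) >= BLOCK_AFTER:
                self._blocked_until[key] = self._clock() + BLOCK_SECONDS

    def record_success(self, user_key):
        # Clear only the account counter. The IP counter ages out on its
        # own, so one valid login cannot reset guessing against others.
        self._failures.pop(user_key, None)
```

Call `check()` before verifying the password and `record_failure()` or `record_success()` afterwards. Blocking by account name lets anyone lock a user out, so many deployments block only on the IP key and stop at captcha for the account key.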
Encryption
A strong encryption algorithm like SHA-512 is essential. Make sure you’re not using an old algorithm with known weaknesses.
256-bit encryption is one of the most secure encryption methods, so it’s definitely the way to go. Brute-forcing a 256-bit key requires 2^128 times more computing power than brute-forcing a 128-bit key.
And the last step is password complexity, of course.
Combine all of the above and you will be as safe as possible. Educating staff on the subject will also increase the chances of preventing brute force attacks.
Now you have the knowledge. You manage to launch a brute force attack on John’s computer. Just in time.
(The voice is happy.)
It only takes a couple of seconds and his password has been cracked. “DAdams” – not so secure – you finally open the folder and see that the meaning of life is… 42!
Seriously, John?
On the plus side, you’ve learned what brute force is and how to use a brute force attack.
FREQUENTLY ASKED QUESTIONS.
How does a brute force attack work?
The principle is very simple. Guess passwords using the speed and calculations of the computer.
How fast is it to brute force a password?
It depends on the strength of your password and other security features you may have. Brute force can take a second or thousands of years.
What is the best protection against a brute force attack?
A combination of password complexity, limited login attempts, captcha, encryption algorithm, and two-step authentication will provide the best possible protection.
What are the best brute force attack tools?
There is a variety of good software you can use: John the Ripper, Cain and Abel, Crack, OphCrack, THC Hydra, etc. Be sure to check the specific requirements before using any of the tools.
What is an example of a brute force algorithm?
The brute force algorithm checks every position in the text to see whether an occurrence of the pattern starts there. After each try, it moves the pattern exactly one position to the right.
Can AES be decrypted?
Theoretically yes, although it would take more than a billion years. AES has never been hacked and it is safe to say that it will protect you from any brute force attack.
How can I be sure that my password is strong enough?
A strong password is long and contains letters, numbers, and symbols. Avoid dictionary words and common phrases. Usually, a password that is easy for you to remember will be easy for others to hack.
Tell me again – in plain language – what is brute force?
Finding out a password without knowing it first. It uses a computer to do calculations and try all possible combinations until the password is revealed. Depending on security measures, the process can take anywhere from a few seconds to thousands of years.