Wednesday, July 3, 2013

Brute Force Hack Attack

Today I will tell you about "Brute Force Hack Attack" which is the most widely known method for password Cracking or Hacking. This attack basically tries to use every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations from ‘A’ to ‘Z’. It is assured that you will find the password. 

Brute Force Hack Attack - Prince Asfi


How long will it take to Hack the Password? 



So the two-character password will need 26*26=676 combinations for the password. The number of possible combinations grows rapidly as the length of the password increases so most of the time this method quickly becomes useless because it takes lots of time and you need to wait for it. Do you ready to wait for two months while your 9-character password is cracked? Besides the maximal length of the character set you should also identify the character set i.e. the list of characters that will be integrated in the combinations. The longer the character set is, the longer the mandatory period of time is. Here is the problem: usually you have no plan of what characters are present in the password. On the one hand, you should indicate all possible characters. On the other hand, this can slow things down very much. Unluckily, there are no common ways to conclude what character set to use. It is more a question of luck and instinct. The only thing I can recommend is to begin with trying short passwords using the full character set. Then you can enlarge the length of password at the same time lessening the character set to keep the required time good acceptable.

If the password is case sensitive, then there is another problem with this case.

There are three options for it:


  • You can guess that the password was typed in lower case. In this case, the required time will stay the same but if the password contains upper case letters it will not be recovered or hacked.
  • You can try all possible combinations for Hacking. The password is guaranteed to be found, but sometimes the process slows down drastically. The 7-character lower case password requires about 4 hours to be recovered or hacked but if you want to try all the combinations of upper case and lower case letters, it will require 23 days.
  • The third method is simply trade-off. Only the most feasible combinations are taken into consideration. For example "password", "PASSWORD" and "Password". The complicated combinations like "pAssWOrD" are not taken in it. In this particular case the process slows down to one third of original speed but there is still a risk to fail.


Note: You can decrease the amount of the time that is compulsory using faster computers (Only the CPU speed is significant. The amount of RAM, the performance of the hard drive and other hardware don’t affect the brute force speed) Using several computers, choosing the fastest password crackers or tuning the brute force parameters cleverly and precisely.

1 comment: