http://www.thoughtag.com
 
Navigation
Home
Computers & Internet
Site Promotion
Online Business
Travel & Leisure
Recreation & Sports
Cars & Trucks
Legal
Health
 
 

Brute Force Attack!
By : Ankit Talwar

Find People, Friends & Old Lovers Free! Who is looking for you?


A last resort is to try every possible password, known as a brute force attack. In theory, a brute force attack will always be successful since the rules for acceptable passwords must be publicly known, but as the number of possible passwords increases very rapidly as the length of the password increases, this method is unlikely to be practical unless the password is relatively small. But, how small is too small? A common current length recommendation is 8 or more randomly chosen characters combining letters, numbers, and special (punctuation, etc) characters. Systems which limit passwords to numeric characters only, or upper case only, or, generally, which exclude possible password character choices make such attacks easier. Using longer passwords in such cases (if possible on a particular system) can compensate for a limited allowable character set. and, of course, even with an adequate range of character choice, users who ignore that range (using only upper case alphabetic characters, or digits alone, for instance) make brute force attacks much easier against those password choices.

Generic brute-force search techniques can be used to speed up the computation. But the real threat may be likely to be from smart brute-force techniques that exploit knowledge about how people tend to choose passwords. NIST SP 800-63 (2) provides further discussion of password quality, and suggests, for example, that an 8 character user-chosen password may provide somewhere between 18 and 30 bits of entropy, depending on how it is chosen. Note: This number is very far less than what is generally considered to be safe for an encryption key.

How small is too small thus depends partly on an attacker's ingenuity and resources (e.g., available time, computing power, etc.), the latter of which will increase as computers get faster. Most commonly used hashes can be implemented using specialized hardware, allowing faster attacks. Large numbers of computers can be harnessed in parallel, each trying a separate portion of the search space. Unused overnight and weekend time on office computers can also be used for this purpose.

The distinction between guessing, dictionary and brute force attacks is not strict. They are similar in that an attacker goes through a list of candidate passwords one by one; the list may be explicitly enumerated or implicitly defined, may or may not incorporate knowledge about the victim, and may or may not be linguistically derived. Each of the three approaches, particularly 'dictionary attack', is frequently used as an umbrella term to denote all the three attacks and the spectrum of attacks encompassed by them.

Ankit Talwar - Web Designer



Ankit Talwar is the owner of http://www.Dead-Yahoo.com. He is a Web Designer.

RELATED ARTICLES BELOW

Reunite With Loved Ones!


Myspace Backgrounds
By : Bronia Campbell

The Problems with Blogs
By : Jesse S. Somer

Web Hosting - Choose Affordable, Cheap Web Hosting
By : Declan Tobin

Will VoIP Make The Telephone Ring?
By : John Sheridan

CG Art Is Quickly Replacing The Old Artists Tools
By : Scott P. Davis

Phone Systems & Technology for Small Business
By : Cy Yablonsky

How to Achieve # 1 on Free Hosting
By : Nicholas Dixon

Brute Force Attack!
By : Ankit Talwar

Choosing The Right Paper For Printing Jobs
By : Maricon Williams

Your Computer Can't Keep Time
By : Stephen Bucaro
Best Diets - Diet Information    LTL Freight - Truckload Freight

Free Online Dating - Find Dates - Local Singles - Dating Discounts - Dating Coupons - Internet Dating

Post My Freight - Truckload LTL Freight Broker      State Permits, Inc. - Retail Permits - Building Permits     Partners