What are brute-force attacks used to find passwords and keys

Brute-force attacks are simple enough to understand, but difficult to counter.
Even a complex cryptography system can today be broken by a brute-force attack carried out by a series of fast computers.
These attacks can be launched against any type of encryption, and they become faster and more effective as more powerful computers are produced.
In computing, a brute-force attack is quite simple to understand.
Given a password-protected program, a hacker who wants to get into it tries, one after another, every combination of characters, symbols, letters or numbers until the right key is found.
Obviously these attempts are not made by hand, but automatically, by a computer program that is as fast as the computer it runs on is powerful.
The brute-force attack starts with keys of one character, then two, and so on until it succeeds.
A dictionary attack is similar to brute force, but it only tries words from a dictionary, which here means a list of common passwords.
In practice, instead of trying all possible combinations, the attack tries the words people use most, such as proper names, city names, names of footballers, years, dates and so on.
Keep in mind that passwords and encryption keys are different things: a key is generated in a totally random way, while a password must be remembered and entered manually, so it is a simpler word.
Finding an encryption key is difficult and requires a brute-force attack, while passwords are found with simple dictionary attacks.
Brute force attacks don't work for websites
There is a clear difference between an online and an offline brute-force attack.
For example, if an attacker wanted to steal my Gmail password, he could not find it by trying the various combinations on the Gmail site, because Google prevents it.
After several attempts, it blocks access and asks for a Captcha code to stop automated programs from attempting to log in.
Services that provide access to online accounts, Facebook included, stop access attempts by anyone who tries to log in too many times with wrong passwords.
On the other hand, if the hacker had access to a computer that has a password management program with an encrypted key, he has all the time he needs to launch a brute-force or dictionary attack and keep it running until the password is found.
In that case there is no way to prevent a large number of passwords from being tried in a short period of time.
Theoretically, no encryption is invincible, even if it can take over a month to break the toughest resistance.
Hashing
Strong hashing algorithms can slow down brute force attacks.
Hash algorithms such as SHA1 and MD5 do additional mathematical work on a password before storing it.
A brute-force attack will be much slower against hashed passwords.
The speed of a Brute-Force attack depends entirely on the hardware used.
Intelligence agencies can build specialized hardware just to find encryption keys.
As an indication, the Ars Technica website reports that a cluster of 25 GPUs could crack every Windows password of up to 8 characters in less than six hours. The Microsoft NTLM algorithm used is no longer resistant enough, although it was at the time it was created.
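The following Python example is added here and is not part of the original article. It derives the guessing rate implied by the "8 characters in less than six hours" figure, then shows how a per-guess work factor changes the search time and the password length a defender should require. It assumes passwords drawn from the 95 printable ASCII characters and uses PBKDF2 from Python's hashlib as the deliberately slow hash, which the article does not mention.

```python
import hashlib
import os
import time

CHARSET = 95  # assumption: the 95 printable ASCII characters

def keyspace(charset, max_len):
    """Candidates an exhaustive search tries for lengths 1..max_len."""
    return sum(charset ** n for n in range(1, max_len + 1))

def implied_rate(charset, max_len, seconds):
    """Guesses per second needed to exhaust the keyspace in `seconds`."""
    return keyspace(charset, max_len) / seconds

def exhaust_seconds(charset, max_len, rate, cost=1.0):
    """Worst-case search time when each guess costs `cost` fast-hash units."""
    return keyspace(charset, max_len) * cost / rate

def min_length(charset, rate, target_seconds, cost=1.0):
    """Shortest length whose full search takes at least target_seconds."""
    length = 1
    while exhaust_seconds(charset, length, rate, cost) < target_seconds:
        length += 1
    return length

def measured_cost(iterations, reps=2000):
    """How many times slower one PBKDF2 guess is than one SHA1 guess here."""
    pw, salt = b"constructed-sample", os.urandom(16)  # constructed input
    start = time.perf_counter()
    for _ in range(reps):
        hashlib.sha1(salt + pw).digest()
    fast = (time.perf_counter() - start) / reps
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    return (time.perf_counter() - start) / fast

if __name__ == "__main__":
    year = 365 * 24 * 3600
    rate = implied_rate(CHARSET, 8, 6 * 3600)  # the article's figure
    cost = measured_cost(100_000)              # measured on this machine
    print(f"implied rate: {rate:.2e} guesses/s")
    print(f"fast hash, 8 chars: {exhaust_seconds(CHARSET, 8, rate) / 3600:.1f} h")
    slow = exhaust_seconds(CHARSET, 8, rate, cost) / year
    print(f"slow hash (x{cost:.0f}), 8 chars: {slow:.1f} years")
    print(f"length for 100 years, fast hash: {min_length(CHARSET, rate, 100 * year)}")
    print(f"length for 100 years, slow hash: {min_length(CHARSET, rate, 100 * year, cost)}")
```

The measured cost ratio depends on the machine running the script and on dedicated cracking hardware it will differ, so treat the slow-hash figures as an order-of-magnitude guide.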
Protect our data from brute force attacks
There is no way to protect yourself completely, but it is unlikely that anyone will direct high-level brute-force attacks against us mere mortals.
So there is no need to worry too much about suffering such complex cyber attacks.
In any case, it is important to keep encrypted data safe by trying not to let anyone access it, and to use self-generated secure passwords (and therefore encryption keys).
The real problem, rather, is defending against social engineering attacks that aim to steal personal data and commit fraud, which rely not so much on technique as on ingenuity and cunning.
For example, never open emails asking us to log in to our bank account via the internet to secure it or to approve new rules.
Secondly, it is always important to use complex passwords and to follow the advice on generating a strong password for every website in a way that it can still be remembered.
You can always use a program like LastPass or KeePass to manage passwords centrally, protecting all passwords with an encryption key.
