Wednesday, March 2, 2011

Brute force….

5 comments

Hi there!, It’s quite late to write a new post due to my heavily busy weeks . Anyway recently I firemasterwas able to break down a windows password(Of course it’s simple as ABC Winking smile ) but I thought it might helpful to discuss about brute force attacking method.

There are several password finding methods,

1.Common and most time consuming one is so called ‘ Brute Force’
2. The other one is ‘Dictionary Attack’

 

and there are more ways, but it’s up to you to find .

So what is Brute Force.

According to Wikipedia…..

a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data[1] by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his/her task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

but how it works ? That’s the question, Here’s how it works

lets see the password is “CDE”

We can write a simple program or a Script to input the password by key by key ,related to ASCII value.(This is a simple way)

First the program will try from  

AAA
BAA
CAA
DAA   and so forth . Open-mouthed smile

Until it finds the ‘CDE’ character set.

It’s pretty time consuming task but there is a special version of brute force attack called ‘Rainbow Tables’ .I’ll write about them later .And there are number of ways to overcome this. One way is to encrypt the codes by “One type pad” cryptographic method. .

other common ways are,

-Add more characters other than letters or numbers such as ‘*’ ,’@’,’#’
-Use a bit long password. (But remember the password!)
-Imposing a 30 second delay between failed authentication attempts
-Locking the account after 5 failed authentication attempts

Like these things to find a key by brute force attack will take time than attacker expected! .

5 comments:

Post a Comment