What is Brute Force Attack?
A brute force attack is a method of cracking a password with a program that tries every possible combination of codes, characters, or keys until it finds the correct password. A brute force program is designed to spend an enormous amount of effort on cracking a password. Once the program has started, the cracker may not have to do any more work and can simply wait for the program to produce the correct result. The program will eventually get the correct password, but it is a very time-consuming and unethical way of cracking. However, it is still a very popular method.
How does it work?
A brute force attack can work in many ways, and each has its setbacks. The process depends on the number of characters the password has. The shorter the password, the fewer possible combinations there are, and therefore the faster it will be cracked. The longer the password, the longer it will take. Different character sets and case sensitivity can also be an added issue. For example, if you are looking for a 4-character password that contains only lowercase letters, then that is a total of 26*26*26*26 = 456976 different combinations. But if it was a 4-character password that contained both lowercase letters and digits, that would mean a total of 456976*10*10*10*10 = 4569760000 different combinations. With a sufficient brute force program, a short password such as a 4-character password can be cracked almost instantly. But a longer and more difficult password can take millions of years.
One of several ways a brute force attack can work is a dictionary attack. A dictionary attack uses all the words in the dictionary to crack the password. This method can be useful if the users have poor passwords.
Before a brute force application can begin, some applications need the cracker to make up the actual list of characters the program will try. A cracker can put as many characters as they want in a separate file using a text editor. For dictionary attacks, a list of every dictionary word can be used. Some programs may require hash codes to be stored for the program. Other programs may need the cracker to acquire the target's IP address, as well as the target's computer ports.
Examples
Here are a few examples of brute force applications:
- Brutus
- L0phtcrack
- John the Ripper
- Cain and Abel
- THC Hydra
- SolarWinds
How to protect yourself
To prevent brute force hacking of your webmail-based passwords, the best thing to do is to make sure you have a strong password. A strong password should be more than 7 characters long and should have both letters and digits. It's best not to choose a word from the dictionary for a password, because dictionary attacks will catch it right away. As mentioned above, some brute force applications require the IP address or ports of the victim. There is not much you can do about that, but some websites display your IP address to the public, and you should find a way to hide it.
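The rules above can be checked automatically when a password is chosen. The following is an added example, not code from the original page: it tests a candidate against the three rules (length, letters plus digits, no dictionary word) and computes the number of combinations an exhaustive search would have to cover. The wordlist, function names, sample passwords and the reading of the length rule as "more than 7 characters" are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary or a list of breached passwords.
SAMPLE_WORDLIST = {"password", "dragon", "sunshine", "football", "welcome"}


def charset_size(password):
    """Size of the smallest common alphabet that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += len(string.punctuation)  # 32 symbols; rough stand-in for "other"
    return size


def keyspace(password):
    """Combinations an exhaustive search over that alphabet must cover."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case search time at an assumed guessing rate."""
    return keyspace(password) / guesses_per_second


def check_password(password, wordlist=SAMPLE_WORDLIST):
    """Return the list of rules from the text that the password breaks."""
    problems = []
    if len(password) <= 7:
        problems.append("too short")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs letters and digits")
    # A dictionary word with digits stuck on either end is still a dictionary word.
    core = password.lower().strip(string.digits)
    if core in wordlist:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ["abcd", "password1", "tr4ilm1xkettle"]:
        print(pw, keyspace(pw), check_password(pw))
```

A password such as `password1` passes the length and character rules but is still flagged, which is why the dictionary check matters on its own.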
Conclusion
A brute force attack is one of the most common ways to hack into someone's email account. It is certain that the cracker will eventually get the password, but when? How long will it take? If for some strange reason someone wants to hack into your account by brute force, you wouldn't have to worry if your password is long and strong.