Brute Force Attack
Brute Force Attack
A cyberattack that systematically tries every possible password combination to break in.
In Simple Terms
A brute-force attack tries every possible password combination one after another until it finds the one that works. For example, picture an attacker targeting a website's login form, automatically feeding in candidate after candidate — combinations of letters and numbers — over and over until the correct password finally turns up. It's usually performed automatically at high speed by a computer, and if a password is short or simple, the total number of possible combinations is small, which makes it much easier to crack.
Behind the Name
In English, "brute force" simply means raw, forcible power — even violence. Applied to cyberattacks, the name evokes the image of muscling a password open through sheer computational power, the digital equivalent of trying every key on a ring until one turns the lock.
Take a Closer Look!
A brute-force attack is a cyberattack technique that decodes encryption keys or passwords by exhaustively trying every conceivable combination.
It's similar to spinning a combination lock through every setting from "0000" to "9999" until it opens.
There are two patterns of this attack — an "online attack," which repeatedly accesses a live authentication system directly, and an "offline attack," which analyzes already-obtained ciphertext or hashed passwords on the attacker's own machine — and the countermeasures for each are different.
In an online attack, the attacker submits candidates one by one through something like a login screen to attempt authentication, so measures on the system side are effective, such as limiting the number of login attempts ("rate limiting") or temporarily locking an account after repeated failures.
An offline attack, on the other hand, involves the attacker running massive amounts of computation on their own computer, so login limits on the system side have no effect.
Countering this requires using passwords and encryption keys that are long and complex enough to make cracking take an enormous amount of time, along with system-side measures such as storing passwords as salted hashes processed with a computationally expensive method.