Well, this is an article about what exactly brute force is,
so that newbies can appreciate and understand how it works a bit
(compiled and written by I, me and myself, with a small bit of help from here and there).
The term "brute force" means to overpower the defense through repetition.
In the case of password hacking, brute forcing involves dictionary
software that recombines English dictionary words with thousands of
varying combinations. (Yes, much like a Hollywood safecracker movie
scene, but much slower and much less glamorous xD). Brute force
dictionaries always start with simple letters "a", "aa", "aaa", and then
eventually move to full words like "dog", "doggie", "doggy". These
brute force dictionaries can make up to 50 attempts per minute in some
cases. Given several hours or days, these dictionary tools will overcome
any password. The secret is to make it take days to crack your
password, unless you have a mega or super computer with you.
That's about the dictionary attack.
But the ACTUAL brute force, the term as first used in cryptography, is what the word means:
BRUTE, RAW POWER (force) to crack open a password,
done by combining letters into passwords of various lengths, one after the other, step by step.
In cryptography, a brute-force attack, or exhaustive key search, is a
strategy that can, in theory, be used against any encrypted data. Such
an attack might be utilized when it is not possible to take advantage of
other weaknesses in an encryption system (if any exist) that would make
the task easier. It involves systematically checking all possible keys
until the correct key is found. In the worst case, this would involve
traversing the entire search space.
The key length used in the
encryption determines the practical feasibility of performing a
brute-force attack, with longer keys exponentially more difficult to
crack than shorter ones. Brute-force attacks can be made less effective
by obfuscating the data to be encoded, something that makes it more
difficult for an attacker to recognise when he/she has cracked the code.
One of the measures of the strength of an encryption system is how long
it would theoretically take an attacker to mount a successful
brute-force attack against it.
As commercially available successors to governmental ASIC solutions,
also known as custom hardware attacks, two emerging technologies have
proven their capability in the brute-force attack of certain ciphers.
One is modern graphics processing unit (GPU) technology, the other is
field-programmable gate array (FPGA) technology. GPUs benefit from their
wide availability and price-performance ratio, FPGAs from their energy
efficiency per cryptographic operation. Both technologies try to bring
the benefits of parallel processing to brute-force attacks. GPUs have
some hundreds of processing units and FPGAs some thousands, making them
much better suited to cracking passwords than conventional processors.
Various publications in the field of cryptographic analysis have proved
the energy efficiency of today's FPGA technology. For example, the
COPACOBANA FPGA cluster computer consumes the same energy as a
single PC (600 W), but performs like 2,500 PCs for certain algorithms. A
number of firms provide hardware-based FPGA cryptographic analysis
solutions, from a single FPGA PCI Express card up to dedicated FPGA
computers. WPA and WPA2 encryption have successfully
been brute-force attacked by reducing the workload by a factor of 50 in
comparison to conventional CPUs and by some hundred in the case of FPGAs.
AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by
brute force requires 2^128 times more computational power than a 128-bit
key. A device that could check a billion billion (10^18) AES keys per
second (if such a device could ever be made) would in theory require
about 3×10^51 years to exhaust the 256-bit key space.
An underlying assumption of a brute-force attack is that the complete
keyspace was used to generate keys, something that relies on an
effective random number generator, and that there are no defects in the
algorithm or its implementation. For example, a number of systems that
were originally thought to be impossible to crack by brute force have
nevertheless been cracked because the key space to search through was
found to be much smaller than originally thought, because of a lack of
entropy in their pseudorandom number generators. These include
Netscape's implementation of SSL (famously cracked by Ian Goldberg and
David Wagner in 1995[6]) and a Debian/Ubuntu edition of OpenSSL
discovered in 2008 to be flawed. A similar lack of implemented entropy
led to the breaking of Enigma's code.
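
The two paragraphs above (the AES time estimate and the low-entropy generator problem) as an added Python example, not part of the original article: it audits a key generator by counting how many distinct keys it can ever emit. The generator `make_key` and its 15-bit seed are constructed for illustration and do not model any of the real systems named above.

```python
import math
import random

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_exhaust(key_bits, keys_per_second):
    """Worst-case time, in years, to try every key of the given length."""
    return (2 ** key_bits) / keys_per_second / SECONDS_PER_YEAR


def make_key(seed, key_bytes=16):
    """Constructed weak generator: the key's only input is `seed`."""
    rng = random.Random(seed)  # deterministic PRNG, not suitable for keys
    return bytes(rng.getrandbits(8) for _ in range(key_bytes))


def effective_key_bits(seed_bits, key_bytes=16):
    """log2 of the number of distinct keys the generator can produce."""
    distinct = {make_key(seed, key_bytes) for seed in range(2 ** seed_bits)}
    return math.log2(len(distinct))


def audit(seed_bits, key_bytes=16, keys_per_second=1e18):
    """Compare the key length on paper with the keyspace actually in use."""
    nominal = key_bytes * 8
    effective = effective_key_bits(seed_bits, key_bytes)
    return {
        "nominal_bits": nominal,
        "effective_bits": effective,
        "nominal_years": years_to_exhaust(nominal, keys_per_second),
        "effective_seconds": (2 ** effective) / keys_per_second,
    }


if __name__ == "__main__":
    # The article's figure: 256-bit keys at 10^18 keys per second.
    print(f"AES-256 exhaust time: {years_to_exhaust(256, 1e18):.1e} years")
    # A 128-bit key whose generator only ever sees a 15-bit seed.
    for name, value in audit(seed_bits=15).items():
        print(f"{name}: {value}")
```

The key is still 128 bits long on paper, but only the seed space has to be searched, which is why key generation should draw from the operating system's CSPRNG (in Python, the `secrets` module).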
Unbreakable codes
Certain types of encryption, by their mathematical properties, cannot be
defeated by brute force. An example of this is one-time pad
cryptography, where every cleartext bit has a corresponding key bit.
One-time pads rely on the ability to generate a truly random sequence of
key bits. A brute-force attack would eventually reveal the correct
decoding, but also every other possible combination of bits, and would
have no way of distinguishing one from the other. A small, 100-byte,
one-time-pad–encoded string subjected to a brute-force attack would
eventually reveal every 100-byte string possible, including the correct
answer, but mostly nonsense. Of all the answers given, there is no way
of knowing which is the correct one. Nevertheless, the system can be
defeated if not implemented correctly, for example if one-time pads are
re-used or intercepted.[10]
A similar argument can apply when a
*single* plaintext is encrypted by any method where the text is shorter
than the key. For example, if the text is a single byte, then (for most
types of encryption with large key sizes such as 128 bits) all bytes
from "00"-"FF" will appear, with equal probability, as possible
plaintexts corresponding to guessed keys.
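
The one-time-pad argument and the single-byte case above, as an added Python example that is not part of the original article: for an XOR pad, every same-length message is a valid decryption under some key, and reusing a pad makes the key cancel out. The messages are constructed sample data, and the single-byte check is shown for the XOR pad only.

```python
import secrets


def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    """One-time pad: the pad is as long as the message and used once."""
    return xor(plaintext, pad)


def pad_that_yields(ciphertext, candidate):
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return xor(ciphertext, candidate)


def single_byte_decryptions(cipher_byte):
    """All plaintext bytes reachable by trying every one-byte pad."""
    return {cipher_byte ^ k for k in range(256)}


def reuse_leak(c1, c2):
    """With a reused pad, c1 XOR c2 equals p1 XOR p2: the pad drops out."""
    return xor(c1, c2)


if __name__ == "__main__":
    real = b"ATTACK AT DAWN"  # constructed sample messages, all 14 bytes
    decoys = [b"RETREAT AT TWO", b"HOLD POSITIONS"]
    pad = secrets.token_bytes(len(real))
    ct = otp_encrypt(real, pad)

    # Exhaustive search meets a pad for each of these and cannot rank them.
    for guess in [real] + decoys:
        k = pad_that_yields(ct, guess)
        print(guess, "<- valid under pad", k.hex())

    # One ciphertext byte: all 256 plaintext bytes are equally possible.
    print(len(single_byte_decryptions(ct[0])), "candidate plaintext bytes")

    # Pad reuse: the attacker learns p1 XOR p2 without knowing the pad.
    ct2 = otp_encrypt(decoys[0], pad)
    print(reuse_leak(ct, ct2) == xor(real, decoys[0]))
```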
But of course this kind of stuff is used in military work,
so no need to worry about them as you won't find them "normally"
xD
Well, whatever.
You can use many softs to brute force, like apexe, brutus, etc.
I hope this article helped make some general basics clear.
Don't forget to ++++ me for this.
*sigh*
Took quite some time to write this.