A brute-force attack is a method used by hackers to gain unauthorized access to a system or account by systematically trying all possible combinations of passwords or encryption keys until the correct one is found. Essentially, it’s like trying every possible key on a keyring until one opens the door.
Here’s a bit more detail:
- Password Cracking: Attackers use software to automate the process of guessing passwords. They might start with common passwords or use dictionaries of known words and phrases.
- Cryptographic Attack: In the context of encryption, brute-force attacks try every possible key until they find the one that decrypts the encrypted data.
- Limitations: While brute-force attacks can be effective, they are usually very time-consuming and resource-intensive, especially if the password or encryption key is complex and long.
To protect against brute-force attacks, it’s important to use strong, unique passwords and implement security measures like account lockouts after a certain number of failed login attempts and multi-factor authentication.
Additional NIST definitions:
- A method of accessing an obstructed device through attempting multiple combinations of numeric/alphanumeric passwords. Source(s): NIST SP 800-72
- In cryptography, an attack that involves trying all possible combinations to find a match. Source(s): NIST SP 1800-21B under Brute-Force Attack from NISTIR 8053
