Brute-force cracking, also known as the exhaustive method or the enumeration method, is a common cybersecurity attack used to crack passwords. So what is brute-force cracking, and what methods do brute-force attacks use? Let's take a look at the specifics.
Brute-force cracking is a method of recovering passwords in which candidate passwords are tried one by one until the real password is found. For example, a password that is known to be four digits long and to consist entirely of numbers has 10,000 possible combinations, so it takes up to 10,000 attempts to find the correct password. When the password was chosen by a person (and so follows some rule), a password dictionary of high-frequency passwords can be used, which greatly shortens the cracking time.
Setting long, complex passwords, using different passwords in different places, avoiding using personal information as passwords, and changing passwords regularly are effective ways to defend against brute force attacks.
1. Exhaustive method
The exhaustive method generates the complete set of possible passwords from the known password length and the selected character set, and then tries every one of them. For example, a password that is known to be four digits long and to consist entirely of numbers has 10,000 possible combinations, so it takes up to 10,000 attempts to find the correct password. In theory, any password can be cracked this way, but as the complexity of the password increases, the time needed to crack it increases exponentially.
The exhaustive method is suitable for guessing randomly generated values such as SMS verification codes, because every randomly generated password is equally likely and the choice is not influenced by human memory.
2. Dictionary attacks
A dictionary attack saves the most frequently used passwords to a file, called a dictionary, and tries the passwords in that dictionary when cracking.
Dictionary attacks are suitable for guessing passwords set by people. Because people choose passwords that are easy to remember, not all passwords are equally likely: 12345678 and password are far more likely to be used as passwords than fghtsaer. Compared with the exhaustive method, a dictionary attack gives up a little hit rate but saves a great deal of time.
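The difference between the two attack models can be seen from the defender's side. The following password auditor is an added example, not part of the original article; it estimates the worst-case number of guesses under an exhaustive search of known length and under a dictionary attack. The sample dictionary, the function names and the guess rate of 1,000 per second are assumptions made for illustration.

```python
import string

# Constructed sample dictionary, most common first (illustrative, not a real list).
COMMON_PASSWORDS = ["123456", "password", "12345678", "qwerty", "111111"]

# Disjoint character classes an exhaustive search would have to cover.
CHARSETS = [string.digits, string.ascii_lowercase,
            string.ascii_uppercase, string.punctuation]

def charset_size(password):
    """Total size of the character classes the password draws from."""
    size = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    # Characters outside the four classes (spaces, non-ASCII) count individually.
    extra = {c for c in password if not any(c in cs for cs in CHARSETS)}
    return size + len(extra)

def exhaustive_guesses(password, length_known=True):
    """Worst-case attempts for an exhaustive search over the password's charset."""
    n, length = charset_size(password), len(password)
    if length_known:
        return n ** length
    # Length unknown: every shorter length has to be searched as well.
    return sum(n ** k for k in range(1, length + 1))

def dictionary_guesses(password, dictionary=COMMON_PASSWORDS):
    """Attempts a dictionary attack needs, or None if the password is not listed."""
    try:
        return dictionary.index(password) + 1
    except ValueError:
        return None

def audit(password, guesses_per_second=1000.0):
    """Report the cheaper attack model, its guess count and worst-case seconds."""
    d = dictionary_guesses(password)
    e = exhaustive_guesses(password)
    if d is not None and d <= e:
        model, guesses = "dictionary", d
    else:
        model, guesses = "exhaustive", e
    return {"model": model, "guesses": guesses,
            "seconds": guesses / guesses_per_second}

if __name__ == "__main__":
    for pw in ["4831", "12345678", "fghtsaer", "Tr4il-Mix!92"]:
        print(pw, audit(pw))
```

A password audit of this kind can be run when a password is set, rejecting any candidate that falls to the dictionary model or whose exhaustive search space is too small.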
3. Rainbow table attack
The rainbow table attack is also a kind of dictionary attack, but it is one that can effectively crack passwords protected by a hashing algorithm.