DEV Community

Dylan Kim

Brute Force

💡 "An attack method that substitutes every possible value to unlock a particular password"

It is also called an 'indiscriminate encryption attack'.

It can be defined as an attack method that attempts to break into a network-connected device by randomly and continuously entering passwords, PINs, and encryption keys.

Since every possible value must be tried, a pre-built file that can store that much data is usually required.

It's a fairly old style of attack, but it's still effective and still popular.

The criterion for success of this attack is the 'time' it takes to crack a password.

(Given enough time, it is an attack that will eventually break through.)

The longer the password, the more time it takes to crack it.

According to Cloudflare, at 15 million keystroke attempts per second, a seven-character password is cracked in nine minutes.

However, cracking a 13-character password the same way takes 350,000 years.

1) When creating passwords, it is recommended to generate complex passwords of at least a certain length that mix upper and lower case, special characters, numbers, etc.

  • A page where password strength can be tested: https://howsecureismypassword.net/

2) Set up an account lockout function that blocks further login attempts once login failures exceed a certain number (this significantly lowers the attack's success rate).

3) Add the ability to unlock the account after a certain period of time, or to reset the password through additional user authentication (mobile, email, etc.).
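Steps 2 and 3 above, sketched as an added example (not code from the original post): a lockout tracker that blocks an account after repeated failures and releases it after a set period or an explicit unlock. The `LoginThrottle` class, its parameters and the sample account and passwords are hypothetical; the lock triggers when the failure count reaches `max_failures`.

```python
import time

class LoginThrottle:
    """Lock an account after repeated failed logins; release it after a delay."""

    def __init__(self, max_failures=5, lock_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock            # injectable so the demo can fake time
        self._failures = {}           # account -> consecutive failed attempts
        self._locked_until = {}       # account -> clock value when lock ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:     # step 3: lock expires after a set period
            self.unlock(account)
            return False
        return True

    def unlock(self, account):
        """Also call this once the user passes additional authentication."""
        self._locked_until.pop(account, None)
        self._failures.pop(account, None)

    def attempt(self, account, check_password):
        """check_password is a zero-argument callable returning True/False."""
        if self.is_locked(account):
            return "locked"           # guess is never evaluated while locked
        if check_password():
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= self.max_failures:   # step 2: lock
            self._locked_until[account] = self.clock() + self.lock_seconds
        return "denied"

def demo():
    now = [0.0]                       # constructed fake clock, in seconds
    throttle = LoginThrottle(max_failures=3, lock_seconds=60, clock=lambda: now[0])
    secret = "correct horse"          # constructed sample; real code checks a hash
    guesses = ["123456", "password", "qwerty", "correct horse"]
    results = [throttle.attempt("alice", lambda g=g: g == secret) for g in guesses]
    now[0] += 61                      # wait out the lock period
    results.append(throttle.attempt("alice", lambda: True))
    return results

if __name__ == "__main__":
    print(demo())
```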
