Brute-force Hacking Explained

Bruteforce hackingBrute force (additionally called brute force cracking) is a method used by software programs to decode encrypted data such as passwords or Data Encryption Standard (DES ) keys, through exhaustive effort using it rather than employing intellectual techniques. Just as a crookcrook might break into, or crack a safe through different possible combinations, this way of cracking application moves via all possible combinations of legal characters in sequence. Brute-force is taken into consideration to be an infallible, even though time-consuming, approach.

Crackers are now used in an organization to test network security, although their most common use is for malicious attacks. Some variations, such as L0phtcrack from ‘L0pht Heavy Industries’, begin by making assumptions, depending on knowledge of common or organization-centered practices and then apply bruteforce to crack the rest of the data. L0phtcrack uses brute force to crack Windows NT passwords from a workstation. PC Magazine said that a system administrator who used the technique from a Windows 95 terminal with no administrative privileges, was able to uncover 85 percent of office passwords within twenty minutes.

This kind of attack is a process of breaking a cipher (that is, to decrypt a selected encrypted data) by means of attempting possible key. Feasibility of this attack depends on the key length of the cipher, and on the total amount of computational strength available to the attacker. Brute-Force Password Cracker tool tests all the possible mixture of characters in a pre-defined or custom character set towards the encrypted passwords loaded in the dialog.

The key space of all viable combination of passwords to try is calculated using the following formula:

KS = L^(m) + L^(m+1) + L^(m+2) + …….. + L^(M)

where

L = character set length
m = min length of the key
M = max length of the key

For example, when you want to crack an half of a LanManager passwords (LM) using the character set “ABCDEFGHIJKLMNOPQRSTUVWXYZ” of 26 letters, the brute-force cracker have to try KS = 26^1 + 26^2 + 26^3 + …… + 26^7 = 8353082582 different keys. If you want to crack the same password using the character set “ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;”‘<>,.?/”, the number of keys to try rises at 6823331935124.

How it works

The dialog gives the possibility to pick out from a set of pre-defined character sets or to input a custom one; the initial password can also be modified for resuming a previous attack. The “Key Rate” field shows the number of keys that the attack tries every second against all hashes/encrypted passwords loaded. The “Time Left” shows the remaining time to complete the key space and the “Current password” field shows the actual key tested by the program.

The cracker’s list that initiated the attack is updated when you exit the dialog, in order to reflect all the passwords discovered.

A brute-force attack are normally used by hackers when there is no chance of taking benefit of encrypted system weakness or by security analysis experts to test an organization’s network security .This technique of password cracking is very fast for short length passwords.

> It might interest you: Popular Tools for Brute-force Attack