Brute Force Attack
Brute force attack is where the attacker tries every possible key until the correct one is found.
- aka exhaustive search attack
- e.g. uses all possible combinations of characters to learn a user’s password
- e.g. For bit-length key of 128, attacker has to try
keys - most algorithms are vulnerable to brute force,
- but are computationally infeasible in practice
- attacker has access to:
- plaintext-ciphertext pairs
- attacker encrypts the known plaintext with each possible key
- compares it to the corresponding ciphertext
- or plaintexts and ciphertexts without a known association
- ciphertext is decrypted with each possible key
- result is compared to known plaintexts
- plaintext-ciphertext pairs
- multiple variations of the brute force attack:
- rainbow table attack
- try to identify the hash value of the password, then convert it back to plain text
- dictionary attack
- performed by the attacker by using an application and a large dictionary text file with just words
- When the attacker runs the application, it tries identifying the password by trying hundreds or thousands of words per minute from that dictionary file
- rainbow table attack