Posts Tagged ‘brute-force attack’

Use The Brute Force, Luke

January 3rd, 2023 by Oleg Afonin

There are several methods for recovering the original password ranging from brute force to very complex rule-based attacks. Brute-force attacks are a last resort when all other options are exhausted. What can you reasonably expect of a brute-force attack, what is the chance of success, and how does it depend on the password and the data? Or just “how long will it take you to break it”? Let’s try to find out.

When adding a new encryption format or comparing the performance of different password recovery tools, we routinely quote the recovery speed expressed in the number of passwords per second. But what is the true meaning of password recovery speeds? Do the speeds depend solely, or at all, on the encryption algorithm? What’s “military grade” encryption, and does it guarantee the security of your data? And why on Earth breaking AES-256 encryption takes so vastly different effort in different file formats? Read along to find out.

Making tools for breaking passwords, I am frequently asked whether it’s legal, or how it works, or what one can do to protect their password from being cracked. There are people who have “nothing to hide”. There are those wearing tin foil hats, but there are a lot more people who can make a reasonable effort to secure their lives without going overboard. This article is for them.

How many passwords does an average Joe or Jane has to remember? Obviously, it’s not just one or two. Security requirements vary among online services, accounts and applications, allowing (or disallowing) certain passwords. Seven years ago, Microsoft determined in a study that an average user  had 6.5 Web passwords, each of which is shared across about four different websites. They’ve also determined that, back then, each user had about 25 accounts that required passwords, and typed an average of 8 passwords per day.