Understanding Brute-Force Attacks: How Hackers Crack Passwords
Learn what a brute-force attack is, how it works, and how to protect your systems from this common hacking method in Module 5, Section 5.8 of System Hacking.

World Gurukul way of Learning Values and Wisdom
65 views • Dec 2, 2017

About this video
Module 5 – System hacking, Section 5.8 – Brute-force attack
• A brute-force attack is a cryptanalytic attack that tries many passwords or passphrases to guess the right one. The attacker checks all possible passwords and passphrases until the correct one is found.
• An attacker resorts to brute force when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier.
Brute-force attack tools
Software that performs brute-force attacks: Aircrack-ng, Cain and Abel, Crack, DaveGrohl, Hashcat, John the Ripper, L0phtCrack, Ophcrack, RainbowCrack, etc.
Attack preference
• Password guessing - for short and weak passwords
• Dictionary attack - for longer and complex passwords
• Brute force comes last, for complex, longer passwords/passphrases/keys, which have more possible values, making them exponentially more difficult to crack than shorter ones.
Brute-force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password.
• AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more effort than a 128-bit key. In theory it requires about 3×10^51 years to exhaust the 256-bit key space.
Countermeasures
• Brute-force attacks can be defeated by complicating the data to be encoded, making it more difficult for an attacker.
• Brute-force attacks are an application of brute-force search, also known as exhaustive search, the general problem-solving technique of enumerating all candidates and checking each one.
Online attacks: Database, web and directory admins can take countermeasures:
– Limit the number of attempts
– Introduce time delays between successive attempts
– Add a CAPTCHA answering requirement
– Add MFA by sending a verification code to a mobile phone
– Lock accounts out after unsuccessful logon attempts
– Prevent a particular IP address from trying more than a set number of password attempts
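A sketch of how four of these countermeasures (attempt limits, growing delays, account lockout and a per-IP cap) fit together in one login throttle. This is an added example, not material from the video; the class name, thresholds and reason strings are hypothetical.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Per-account delays and lockout plus a per-IP sliding-window cap."""

    def __init__(self, max_failures=5, lockout_s=900, base_delay_s=1.0,
                 ip_limit=20, ip_window_s=60, clock=time.monotonic):
        self.max_failures, self.lockout_s = max_failures, lockout_s
        self.base_delay_s = base_delay_s
        self.ip_limit, self.ip_window_s = ip_limit, ip_window_s
        self.clock = clock                      # injectable so tests can fake time
        self.failures = defaultdict(int)        # account -> consecutive failures
        self.blocked_until = {}                 # account -> earliest next attempt
        self.ip_attempts = defaultdict(deque)   # ip -> recent attempt timestamps

    def check(self, account, ip):
        """Call before verifying a password. Returns (allowed, reason)."""
        now = self.clock()
        recent = self.ip_attempts[ip]
        while recent and now - recent[0] > self.ip_window_s:
            recent.popleft()                    # forget attempts outside the window
        if len(recent) >= self.ip_limit:
            return (False, "ip_rate_limited")
        recent.append(now)
        if now < self.blocked_until.get(account, float("-inf")):
            locked = self.failures[account] >= self.max_failures
            return (False, "locked_out" if locked else "delayed")
        return (True, "ok")

    def record(self, account, success):
        """Call after verifying a password."""
        if success:
            self.failures.pop(account, None)
            self.blocked_until.pop(account, None)
            return
        self.failures[account] += 1
        n = self.failures[account]
        # Delay doubles per failure (1s, 2s, 4s, ...) until the lockout threshold.
        wait = (self.lockout_s if n >= self.max_failures
                else self.base_delay_s * 2 ** (n - 1))
        self.blocked_until[account] = self.clock() + wait
```

A hard lockout also lets anyone who knows a username lock its owner out, which is why the lockout here expires after `lockout_s` instead of requiring an administrator reset.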
Reverse brute-force attack
• In a reverse brute-force attack, a single password is tested against multiple usernames or encrypted files.
• The process is repeated for a select few passwords.
• Mitigation: Reverse brute-force attacks can be mitigated by establishing a password policy that disallows common passwords.
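Because a reverse brute-force attack makes only a few tries per account, per-account lockout counters never trip; the pattern shows up when failures are grouped by source instead. The detector below is an added example, not material from the video: the log format, sample events, function names and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the line format is an assumption for this example.
SAMPLE_LOG = """\
2017-12-02T10:00:00 FAIL user=alice src=198.51.100.20
2017-12-02T10:00:02 FAIL user=alice src=198.51.100.20
2017-12-02T10:00:04 FAIL user=alice src=198.51.100.20
2017-12-02T10:00:06 FAIL user=alice src=198.51.100.20
2017-12-02T10:01:00 FAIL user=alice src=203.0.113.9
2017-12-02T10:01:30 FAIL user=bob src=203.0.113.9
2017-12-02T10:02:00 FAIL user=carol src=203.0.113.9
2017-12-02T10:02:30 FAIL user=dave src=203.0.113.9
2017-12-02T10:03:00 FAIL user=erin src=203.0.113.9
2017-12-02T10:04:00 FAIL user=bob src=192.0.2.5
2017-12-02T10:04:20 OK user=bob src=192.0.2.5
"""

def parse(line):
    """Split one line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.partition("=")[2], src.partition("=")[2])

def find_reverse_bruteforce(log, min_accounts=5, max_per_account=3,
                            window=timedelta(minutes=10)):
    """Return {source: accounts} for sources that fail against many accounts
    with only a few tries each, a pattern per-account lockout never trips on."""
    failures = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ts, result, user, src = parse(line)
        if result == "FAIL":
            failures[src].append((ts, user))
    findings = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            tries = Counter(user for _, user in events[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                findings[src] = sorted(tries)
    return findings
```

On the sample, only 203.0.113.9 is reported: the source hammering one account and the user who mistyped once are left to the ordinary lockout logic.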
Video information: 65 views, duration 4:10, published Dec 2, 2017