Brute-Force Attacks Explained: How All Encryption is Vulnerable

July 6, 2013 – 7:40 AM

Brute-force attacks are fairly simple to understand, but difficult to protect against. Encryption is math, and as computers become faster at math, they become faster at trying all the solutions and seeing which one fits.

These attacks can be used against any type of encryption, with varying degrees of success. Brute-force attacks become faster and more effective with each passing day as newer, faster computer hardware is released.

Brute-Force Basics

Brute-force attacks are simple to understand. An attacker has an encrypted file — say, your LastPass or KeePass password database. They know that this file contains data they want to see, and they know that there’s an encryption key that unlocks it. To decrypt it, they can begin to try every single possible password and see if that results in a decrypted file.

They do this automatically with a computer program, so the speed at which someone can brute-force encryption increases as available computer hardware becomes faster and capable of doing more calculations per second. The brute-force attack would likely start at one-character passwords before moving to two-character passwords and so on, trying all possible combinations until one works.

A “dictionary attack” is similar, but tries words in a dictionary (or a list of common passwords) instead of all possible passwords. This can be very effective, as many people use weak and common passwords.
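To judge how much protection a given password offers against the two searches described above, the following added example (not part of the original article) counts how many guesses each search needs before it reaches that password. The 95-character alphabet, the four-entry word list and the guess rate passed by the caller are assumptions made for illustration.

```python
import string

# Assumption: the search cycles through the 95 printable ASCII characters.
ALPHABET = (string.ascii_lowercase + string.ascii_uppercase +
            string.digits + string.punctuation + " ")

# Constructed sample; a real audit would load a full common-password list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

def keyspace_up_to(length, alphabet_size):
    """Number of candidates of length 1..length (worst case for the search)."""
    return sum(alphabet_size ** k for k in range(1, length + 1))

def guesses_until_found(password, alphabet=ALPHABET):
    """1-based position of `password` in a search that exhausts every shorter
    length first, then walks the same length in alphabet order."""
    n = len(alphabet)
    index = {ch: i for i, ch in enumerate(alphabet)}
    if not password or any(ch not in index for ch in password):
        raise ValueError("password is empty or uses characters outside the alphabet")
    rank = 0
    for ch in password:  # read the password as a base-n number
        rank = rank * n + index[ch]
    return keyspace_up_to(len(password) - 1, n) + rank + 1

def dictionary_guesses(password, wordlist=COMMON_PASSWORDS):
    """1-based position in the word list, or None if the list never tries it."""
    try:
        return wordlist.index(password) + 1
    except ValueError:
        return None

def seconds_to_find(password, guesses_per_second, alphabet=ALPHABET):
    """Time until the cheaper of the two searches reaches the password.
    `guesses_per_second` is an assumed rate supplied by the caller."""
    hits = dictionary_guesses(password)
    guesses = hits if hits is not None else guesses_until_found(password, alphabet)
    return guesses / guesses_per_second

if __name__ == "__main__":
    for pw in ("password", "Zq7!", "correct horse"):
        print(pw, dictionary_guesses(pw), guesses_until_found(pw))
```

A password that appears in the word list is reached after a handful of guesses regardless of its length, while each extra character outside the list multiplies the exhaustive count by the alphabet size.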

