Brute-force attack

[1] Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier.

Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones due to diversity of characters.

If it is assumed that the calculation occurs near room temperature (≈300 K), the Von Neumann-Landauer Limit can be applied to estimate the energy required as ≈1018 joules, which is equivalent to consuming 30 gigawatts of power for one year.

Furthermore, this is simply the energy requirement for cycling through the key space; the actual time it takes to flip each bit is not considered, which is certainly greater than 0 (see Bremermann's limit).

[citation needed] However, this argument assumes that the register values are changed using conventional set and clear operations, which inevitably generate entropy.

[citation needed] WPA and WPA2 encryption have successfully been brute-force attacked by reducing the workload by a factor of 50 in comparison to conventional CPUs[11][12] and some hundred in case of FPGAs.

These include Netscape's implementation of Secure Sockets Layer (SSL) (cracked by Ian Goldberg and David Wagner in 1995) and a Debian/Ubuntu edition of OpenSSL discovered in 2008 to be flawed.

[16][17] Credential recycling is the hacking practice of re-using username and password combinations gathered in previous brute-force attacks.

[20][page needed] Website administrators may prevent a particular IP address from trying more than a predetermined number of password attempts against any account on the site.

[21] Additionally, the MITRE D3FEND framework provides structured recommendations for defending against brute-force attacks by implementing strategies such as network traffic filtering, deploying decoy credentials, and invalidating authentication caches.

[22] In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files.

The 1998 Electronic Frontier Foundation 's US$250,000 DES cracking machine contained over 1,800 custom chips and could brute-force a DES key in a matter of days. The photograph shows a DES Cracker circuit board fitted with 64 Deep Crack chips using both sides.
Modern GPUs are well-suited to the repetitive tasks associated with hardware-based password cracking.
A single COPACOBANA board boasting 6 Xilinx Spartans – a cluster is made up of 20 of these