| Revision as of 16:48, 17 September 2004 editKbh3rd (talk | contribs)Extended confirmed users31,490 editsm minor tweaks of phrasing & links; see-also section added← Previous edit | Revision as of 16:55, 17 September 2004 edit undoKbh3rd (talk | contribs)Extended confirmed users31,490 editsm external link to an example of a successful brute-force challenge projectNext edit → | ||
| Line 9: | Line 9: | ||
| ==See also== | ==See also== | ||
| * ]. | * ]. | ||
| ==External links== | |||
| * | |||
Revision as of 16:55, 17 September 2004
In the field information system security a brute-force attack is a method to determine the decryption key of an encrypted message. While simple to implement, it is a computationally expensive method of attack. A brute-force attack is similar to a Brute-force search.
The implementation of such an attack involves the generation of a series of keys either algorithmically or from a predetermined list. The latter is also known as a dictionary attack. The generated keys and the chosen cipher are applied to the message to produce a plain text. Each passage of plain text must be verified to determine if it is a valid and therefore properly decrypted message.
This is an extremely time-consuming task, the effort for which increases exponentially with the size of the key. Cracking a message with a relatively miniscule 6-digit alphanumeric key has possible solutions, each of which must be run through the verfication process.
possible solutions, each of which must be run through the verfication process.
The benefit of a brute-force attack is that, given enough time, the correct key is guaranteed to be found. The relative security of a crytpographic system can be measured by the mean time required to find a key by brute force, and the security of an encrypted message may be expressed as the expected number of years required to thus determine its encryption key. This time decreases with increases in the power of computers. The decreasing cost and increasing power of computing resources has caused the National Institute of Standards and Technology to propose withdrawing the 56-bit-keyed Data Encryption Standard as an encryption standard in 2004.