Brute force attack

Article snapshot taken from[REDACTED] with creative commons attribution-sharealike license.

This is an old revision of this page, as edited by Kbh3rd (talk | contribs) at 16:48, 17 September 2004 (minor tweaks of phrasing & links; see-also section added). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In the field of information system security, a brute-force attack is a method to determine the decryption key of an encrypted message. While simple to implement, it is a computationally expensive method of attack. A brute-force attack is similar to a brute-force search.

The implementation of such an attack involves the generation of a series of keys either algorithmically or from a predetermined list. The latter is also known as a dictionary attack. The generated keys and the chosen cipher are applied to the message to produce a plain text. Each passage of plain text must be verified to determine if it is a valid and therefore properly decrypted message.

This is an extremely time-consuming task, the effort for which increases exponentially with the size of the key. Cracking a message with a relatively minuscule 6-digit alphanumeric key has $62^{6}$ possible solutions, each of which must be run through the verification process.

The benefit of a brute-force attack is that, given enough time, the correct key is guaranteed to be found. The relative security of a cryptographic system can be measured by the mean time required to find a key by brute force, and the security of an encrypted message may be expressed as the expected number of years required to thus determine its encryption key. This time decreases with increases in the power of computers. The decreasing cost and increasing power of computing resources have caused the National Institute of Standards and Technology to propose withdrawing the 56-bit-keyed Data Encryption Standard as an encryption standard in 2004.
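The generate, decrypt and verify loop and the mean-time measure described above can be seen end to end in a small added example (not part of the original article). The repeating-key XOR "cipher", the sample message, the verification rule and the rate of 10^9 keys per second are all constructed assumptions chosen so the search finishes instantly.

```python
import itertools
import string

# 62 alphanumeric symbols, matching the article's 62^6 example.
ALPHABET = string.ascii_letters + string.digits

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR (constructed for illustration, not a real cipher)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def looks_like_plaintext(candidate: bytes, known_word: bytes) -> bool:
    """Verification step: printable ASCII that contains an expected word."""
    return all(32 <= b < 127 for b in candidate) and known_word in candidate

def brute_force(ciphertext: bytes, key_len: int, known_word: bytes):
    """Generate every key algorithmically; return (key, keys_tried)."""
    tried = 0
    for combo in itertools.product(ALPHABET, repeat=key_len):
        tried += 1
        key = "".join(combo).encode()
        if looks_like_plaintext(xor_cipher(ciphertext, key), known_word):
            return key, tried
    return None, tried

def keyspace(symbols: int, length: int) -> int:
    """Number of possible keys: grows exponentially with key length."""
    return symbols ** length

def mean_years(keys: int, keys_per_second: float) -> float:
    """Mean time to find a key: on average half the key space is searched."""
    return (keys / 2) / keys_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample message and 2-character key (3,844 possible keys).
    ct = xor_cipher(b"meet at the north gate at noon", b"k7")
    key, tried = brute_force(ct, 2, b"north")
    print(f"recovered key {key!r} after {tried} of {keyspace(62, 2)} keys")

    rate = 1e9  # assumed keys tested per second, for comparison only
    for label, keys in [("6-char alphanumeric", keyspace(62, 6)),
                        ("56-bit (DES)", 2 ** 56),
                        ("128-bit", 2 ** 128)]:
        print(f"{label:>20}: {keys:.3e} keys, "
              f"mean {mean_years(keys, rate):.3e} years")
```

At the assumed rate the 56-bit key space falls in roughly a year on average, while each additional key bit doubles that figure.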
