|
An explanation! Sunday, 14-Feb-99 18:18:30
Hi Jeff, A bruteforce attack simply consists of a program that will attempt to try out every possible combination of letter, numbers and symbols as a password, until such time it finds the correct one. This can be written in almost any language. The problem with the bruteforce attack is that if the password you are trying to crack is long enough and has special characters included in it, then it becomes totally impractical. The fastest computer in the world (currently IBM`s new flagship) would take 10^64 billion years to figure out a 16 letter password using the entire ascii character set. Therefore, a bruteforce attack is only usefull when the password is short enough or enough is known about the encryption routine to narrow down the possibilities. A dictionary attack is one where instead of guessing a password, every word in a dictionary is tried automatically ( usually because most people choose a word they can remember ). This is usually the first method to try. What happens is that the program you write either types in your password for you and then presses the OK button (Claymore is a good example of this) or you have to write the encryption routine into your own program and this way it is quicker. This method is the same method that is used to find out original passwords from a unix password file. Please note the the original passwords are not generated by reversing the encrypted text (This is NOT possible). Passworded zip files are only as weak as the human element and can be made pretty secure. One way is not to encrypt more than one file with the same password as this can help in decrypting the files. The other is not to encrypt a plain 'exe' file as certain bytes can be known and can help towards a plaintext attack. There are many many way`s of getting nearer to the original text, but most are far too time consuming to be worth the trouble. I hope this helps a bit. L8R Mushy!! Mushy |
| Brute force attack was successful (Dr. Zen) (13-Feb-99 22:26:29) |