INTRODUCTION

As an Organization or as an Individual PC user, have you ever had compromised on network security and the entire system was hacked? Ever wondered what are the methods used by the intruder to steal your information? Well, there are many ways to break-in into your system’s network and one of the many methods is Cryptanalytic method or Dictionary attack or it is called the Brute Force attack.

METHOD USED IN HACKING and EFFECTS

This Brute force attack is a method in cryptography, to hack the system by using several combinations of passwords or passphrases or PINs. The intruder uses several techniques which involve guessing of the commonly used phrases or passwords. For this, they take a set of alphabets and numbers till the desired combination of passcode is met. Hence, the name dictionary attack has come. Alternately, the hacker can use the Data Encryption Standard (DES) key which is typically created from the password. The hackers also can use this method to decrypt the encrypted data.

HOW IT IS DONE

The technique or algorithms used to achieve is by using Brute-force search or exhaustive search. Brute force attack would likely start with one-digit passwords, before moving to two-digit passwords and so on. The Brute force is a straightforward strategy to solving a problem generally iterating through all possible solutions are found. The hacker can also you certain software platforms like Crack, Hashcat, Rainbowcrack, Aircracking, etc., to generate possible keys and apply it to the targeted system. It has been noticed that the most successful techniques used to crack passwords nowadays include rules that were compiled from the analysis of great volumes of actual passwords.

MEASURES to BLOCK BRUTE FORCE ATTACK

We can combat with this attack and secure our systems and passwords by taking measures like: Locking the account –

If a user attempts a wrong password many times then the user's account will be blocked for a given time of period. Outlook accounts are locked after a wrong password tries. If an attacker attempts a Brute Force Attack on many accounts then a Denial of Services (DOS) problem emerges. If attackers want to lock an account then they continues to hit that account and the resultant admin is again locked from the account.

Delay the login process –

Increase the time delay for logging-in to stop brute-forcing. More attempts a hacker uses to guess a password, more time does it take to check every time by increasing the CPU Cycles.

Block the Hacker’s IP –

Simply block the IP address where the brute force attack comes. Some companies avoid using this way because sometimes a user might forget his password and tries to login several times. Website administrators may prevent a particular IP address from trying more than a predetermined number of password attempts against any account on the site.

Password complexity-

Increase the complexity of the passwords by using lengthy passwords, adding CAPTCHA code, verification code or PIN.

Reverse Brute-force attack-

It is a protective measure, where a single, commonly used password is taken and tested on multiple usernames or encrypted file. The process is repeated for the selected passwords and thus establishing a password policy that disallows common passwords.