Questions tagged [brute-force]

In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data.

Brute force is a naive algorithm which works through every possible answer until the correct one is found. Some problems can be reasonably solved this way.

Others, for instance obtaining the prime factors of large numbers or picking the best chess move, have a problem space far too large to be solved naively in a reasonable amount of time and effort.

A common example of brute force is password enumeration, where a large number of passwords are used against a protected resource in the hope that one is correct.

Many algorithms are born from trying to reduce the possible solutions in a problem space in an attempt to make brute force more efficient and economical.
These algorithms are generally based on heuristics generated from known patterns in the problem space.

982 questions

158 votes, 16 answers

What is the best Distributed Brute Force countermeasure?

First, a little background: It is no secret that I am implementing an auth+auth system for CodeIgniter, and so far I'm winning (so to speak). But I've run into a pretty non-trivial challenge (one that most auth libraries miss entirely, but I insist…
Jens Roland

111 votes, 10 answers

The necessity of hiding the salt for a hash

At work we have two competing theories for salts. The products I work on use something like a user name or phone number to salt the hash. Essentially something that is different for each user but is readily available to us. The other product…
kemiller2002

58 votes, 3 answers

How long to brute force a salted SHA-512 hash? (salt provided)

Here is an algorithm in Java: public String getHash(String password, String salt) throws Exception { String input = password + salt; MessageDigest md = MessageDigest.getInstance(SHA-512); byte[] out = md.digest(input.getBytes()); …
timothyjc

54 votes, 14 answers

Preventing Brute Force Logins on Websites

As a response to the recent Twitter hijackings and Jeff's post on Dictionary Attacks, what is the best way to secure your website against brute force login attacks? Jeff's post suggests putting in an increasing delay for each attempted login, and a…
Greg

44 votes, 3 answers

Java all determine elements are same in a list

I am trying to determine if all elements in a list are the same, such as: (10,10,10,10,10) --> true (10,10,20,30,30) --> false. I know HashSet might be helpful, but I don't know how to write it in Java. This is the one I've tried, but didn't…
Colin Zhong

37 votes, 3 answers

What is the best method to prevent a brute force attack?

I have my login page and of course I want to prevent brute force attacks and cause less delay for the users when they are logging in. Currently, you type in your username and password to log in. I am considering implementing a reCAPTCHA. However,…
lecardo

32 votes, 3 answers

Throttling brute force login attacks in Django

Are there generally accepted tactics for protecting Django applications against this kind of attack?
Joe Mornin

29 votes, 10 answers

Python Brute Force algorithm

I need to generate every possible combination from a given charset to a given range. Like, charset=list(map(str,"abcdefghijklmnopqrstuvwxyz")) range=10 And the output should be, [a,b,c,d..................,zzzzzzzzzy,zzzzzzzzzz] I know I can do…
Madushan

24 votes, 4 answers

How does being able to factor large numbers determine the security of popular encryption algorithms?

How is the encryption algorithm's security dependent on factoring large numbers? For example, I've read on some math-programming forums that by using the Quadratic Sieve or the General Number Field Sieve, one can factor a 256 bit number with…
Mithrax

22 votes, 2 answers

Delete all lines not containing string in Sublime

I recently got a bruteforce on my website, and wanted to write it down somewhere. The bad news is that the log file itself is 1,4 GB large (4338995 lines) and I haven't got the logrotate fully working yet. So I was wondering how I could remove all…
Typewar

22 votes, 2 answers

Spring Security: how to implement Brute Force Detection (BFD)?

My web application's security is handled by Spring Security 3.02 but I can't find any out-of-the-box support for Brute Force Detection. I would like to implement some application-level BFD protection. For example by storing failed login attempt per…
Kdeveloper

22 votes, 2 answers

Why do divide and conquer algorithms often run faster than brute force?

Why do divide and conquer algorithms often run faster than brute force? For example, to find closest pair of points. I know you can show me the mathematical proof. But intuitively, why does this happen? Magic? Theoretically, is it true that "divide…
user1445654

19 votes, 6 answers

Preventing Brute Force Using Node and Express JS

I'm building a website using Node and Express JS and would like to throttle invalid login attempts. Both to prevent online cracking and to reduce unnecessary database calls. What are some ways in which I can implement this?
Dave

18 votes, 4 answers

Forgot Keystore password, thinking of Brute-Force detection. will it corrupt the keystore?

I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow). It keeps giving me the error: Keystore tampered or password incorrect. I created a (quite unoptimized) algorithm to Brute-Force the…
Aman Alam

18 votes, 9 answers

fail2ban not banning ssh bruteforce but regex works

I've just noticed an ssh bruteforce at my server, which actually should have been banned by fail2ban, but for some reason it doesn't ban it. Most people who have problems with fail2ban seem to have problems with their regex, which seems to be fine…
fish