Brute Force Attack

A brute force attack is a method of attempting to crack a password or decrypt data simply by guessing every possible password or decryption key. Brute force is highly inefficient, so a brute force attack is usually used as a last resort against a system which is impervious to other, more efficient attack methods.

Most systems that require passwords ask users to include uppercase letters, numbers, and special characters in order to decrease the efficacy of brute force attacks. This works because the greater the number of possible passwords, the harder it is to brute force.

The difficulty of a brute force can be calculated simply by taking the number of valid values—usually just one—and dividing it by the number of possible values. For example, a Bitcoin private key is usually 256 bits long. In order to brute force a specific Bitcoin private key, an attacker would have to guess each of the 256 bits correctly, and since each bit has two possible values (1 or 0), the attacker must guess from a range of 2^256 (roughly 10^77) possible values. Comparatively, a credit card number of 16 digits plus a 3 digit security code has a range of 10^19 possibilities. Brute forcing a social security number is even easier, since it is only 9 digits long. This is what makes Bitcoin vastly more secure than traditional financial systems.

In the context of cryptography, a problem or calculation is considered “hard” if the best possible method of solving it is a brute force attack. This is because a brute force attack is usually only used when no algorithm or other method can solve the problem.