Can a Brute Force Go AI work

What is a brute force attack?

A brute force attack is an attempt to crack a password or username, or to find a hidden website or the key that was used to encrypt a message. The trial-and-error principle is used in the hope of guessing the desired information at some point. This attack method is old, but it is still effective and popular with hackers.

Depending on the length and complexity of a password, cracking it can take anywhere from a few seconds to many years. In fact, some hackers work on the same system for months and sometimes even years.

Brute force attack attempts using tools

Guessing a password for a particular user or website can take a long time. Therefore, hackers have developed tools to get there faster.

Dictionaries are the most basic tool. Some hackers run through unabridged dictionaries, adding special characters and numbers to the words, or use specialist dictionaries. However, this type of sequential attack is tedious.

In a standard attack, a hacker picks a target and tries possible passwords against that user name. Such attacks are known as dictionary attacks.

As the name implies, a reverse brute force attack is an attack strategy that uses a known password as the starting point, such as hacked passwords that are available online. Millions of usernames are queried until a username that matches the password is found.

Automated tools are also available for brute force attacks, such as Brutus, Medusa, THC Hydra, Ncrack, John the Ripper, Aircrack-ng and Rainbow. Many of these tools are able to find a password consisting of a single word in the dictionary within a second.

Such tools work against many protocols (such as FTP, MySQL, SMTP and Telnet) and enable hackers to crack WLAN routers, identify weak passwords, decrypt passwords in encrypted storage, and translate words into so-called leetspeak ("don'thackme" becomes, for example, "d0n7H4cKm3") in order to test all possible character combinations and carry out dictionary attacks.

Some tools scan precalculated rainbow tables for the inputs and outputs of known hash functions. These hash functions are the algorithm-based methods used to translate passwords into long, fixed-length strings of letters and digits.

GPU speeds up brute force attack attempts

The combination of CPU and GPU (Graphics Processing Unit) increases computing power by bringing the thousands of computing cores in the GPU into the processing. This enables the system to handle several tasks at the same time. GPU processing is used for analytics, engineering and other computationally intensive programs. With a GPU, passwords can be cracked around 250 times faster than with a CPU alone.

Let's take an example: for a six-character password that includes digits, there are about two billion possible combinations. A powerful CPU that tries 30 passwords per second takes more than two years to crack the password. But if a single, high-performance graphics card comes into play, the same computer can try 7,100 passwords per second and crack the password within three and a half days.

Steps to Protect Passwords for IT Pros

To make brute force attacks more difficult, system administrators should ensure that the passwords for their systems are protected with the maximum key length, for example with 256-bit encryption. The more bits the encryption has, the more difficult it is to crack the password.

Administrators should also use salts for the hash functions. The randomness of the password hashes is ensured by appending a random string of letters and digits (“salt”) to the password. This string should be stored in a separate database and retrieved and appended to the password before hashing. This way, users with the same password will have different hashes. In addition, administrators can enforce two-factor authentication and install an intrusion detection system (IDS) that detects brute force attacks.

Limiting the number of login attempts also reduces the vulnerability to brute force attacks. For example, if users have three attempts to enter the correct password before a lockout is activated for several minutes, failed attempts can create significant delays and lead hackers to turn to easier targets.
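The salting and lockout measures described above can be combined in one login check. The following Python sketch is an added example, not code from the original article; the class name LoginGuard, the choice of PBKDF2-HMAC-SHA256 as the hash function, the iteration count and the five-minute lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3        # the page's example: three tries before lockout
LOCKOUT_SECONDS = 300   # "several minutes"; 5 minutes is an assumed value
ITERATIONS = 100_000    # assumed PBKDF2 work factor, not from the page


def hash_password(password, salt):
    """Slow, salted hash: PBKDF2-HMAC-SHA256 over password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.salts = {}     # user -> salt, kept apart from the hashes
        self.hashes = {}    # user -> salted password hash
        self.failures = {}  # user -> (failed attempts, locked until)

    def register(self, user, password):
        self.salts[user] = os.urandom(16)  # fresh random salt per user
        self.hashes[user] = hash_password(password, self.salts[user])

    def login(self, user, password):
        count, locked_until = self.failures.get(user, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            return "locked"  # refuse without even checking the password
        # Unknown users get a dummy salt so both paths cost the same.
        salt = self.salts.get(user, b"\x00" * 16)
        candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, self.hashes.get(user, b"")):
            self.failures.pop(user, None)
            return "ok"
        count += 1
        if count >= MAX_ATTEMPTS:
            self.failures[user] = (0, now + LOCKOUT_SECONDS)
        else:
            self.failures[user] = (count, 0.0)
        return "denied"
```

Counting failures per account alone means repeated bad guesses can also keep the legitimate user out, so production systems usually combine it with throttling per source address.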

How users can make their passwords more secure