Home/Glossary/Brute Force Attack

Brute Force Attack

A trial-and-error method of guessing passwords, encryption keys, or credentials by systematically trying all possibilities.

Attack MethodsAlso called: "password cracking", "exhaustive search"

Brute force attacks use computational power to exhaust all possible combinations.

Attack types

  • Simple brute force: Try every possible combination.
  • Dictionary attack: Try common words and phrases.
  • Hybrid attack: Combine dictionary words with numbers/symbols.
  • Credential stuffing: Try leaked username/password pairs.
  • Rainbow tables: Pre-computed hashes for fast cracking.

Defenses

  • Long passwords: Exponentially increase keyspace.
  • Account lockouts: Limit failed attempts.
  • Rate limiting: Slow down guessing attempts.
  • CAPTCHA: Prevent automated attacks.
  • MFA: Add second authentication factor.
  • Password hashing: Use slow algorithms (bcrypt, Argon2).

Attack speed

  • Online: 10-1,000 guesses/second (rate-limited).
  • Offline: Billions of guesses/second (GPUs).
  • Modern GPU: 158B bcrypt hashes/second (NVIDIA H100).

Time to crack examples

  • 8-char password: Minutes to hours (offline).
  • 12-char password: Years to centuries.
  • 16-char password: Millions of years.

Related Tools

Related Articles

View all articles
What Is a CDN? Content Delivery Network Guide

What Is a CDN? Content Delivery Network Guide

✅ Last Updated: January 29, 2025 • What a CDN is, how it works, pricing, providers, and setup steps

Read article →
Email Security: A Complete Guide to Protecting Your Organization from Phishing, BEC, and Modern Threats

Email Security: A Complete Guide to Protecting Your Organization from Phishing, BEC, and Modern Threats

Learn how modern email attacks work, from phishing and business email compromise to credential harvesting. Understand SPF, DKIM, DMARC, secure email gateways, and the best practices organizations need to defend their inboxes.

Read article →
Penetration Testing Methodology Workflow | Complete Pentest

Penetration Testing Methodology Workflow | Complete Pentest

Master the complete penetration testing lifecycle from pre-engagement to remediation validation. Learn PTES framework, ethical hacking methodology, vulnerability exploitation, and post-exploitation techniques with practical tools and industry best practices.

Read article →
Secure Password & Authentication Flow Workflow

Secure Password & Authentication Flow Workflow

Master the complete secure password and authentication workflow used by security teams worldwide. This comprehensive guide covers NIST 800-63B password guidelines, Argon2id hashing, multi-factor authentication, session management, brute force protection, and account recovery with practical implementation examples.

Read article →

Explore More Attack Methods

View all terms

Zero-Day Vulnerability

A previously unknown software vulnerability that attackers exploit before the vendor has released a patch or fix.

Read more →
Back to glossary