Home/Glossary/Brute Force Attack

Brute Force Attack

A trial-and-error method of guessing passwords, encryption keys, or credentials by systematically trying all possibilities.

Attack MethodsAlso called: "password cracking", "exhaustive search"

Brute force attacks use computational power to exhaust all possible combinations.

Attack types

  • Simple brute force: Try every possible combination.
  • Dictionary attack: Try common words and phrases.
  • Hybrid attack: Combine dictionary words with numbers/symbols.
  • Credential stuffing: Try leaked username/password pairs.
  • Rainbow tables: Pre-computed hashes for fast cracking.

Defenses

  • Long passwords: Exponentially increase keyspace.
  • Account lockouts: Limit failed attempts.
  • Rate limiting: Slow down guessing attempts.
  • CAPTCHA: Prevent automated attacks.
  • MFA: Add second authentication factor.
  • Password hashing: Use slow algorithms (bcrypt, Argon2).

Attack speed

  • Online: 10-1,000 guesses/second (rate-limited).
  • Offline: Billions of guesses/second (GPUs).
  • Modern GPU: 158B bcrypt hashes/second (NVIDIA H100).

Time to crack examples

  • 8-char password: Minutes to hours (offline).
  • 12-char password: Years to centuries.
  • 16-char password: Millions of years.

Related Tools

Related Articles

View all articles
What Is a CDN? Content Delivery Network Guide

What Is a CDN? Content Delivery Network Guide

✅ Last Updated: January 29, 2025 • What a CDN is, how it works, pricing, providers, and setup steps

Read article →
Penetration Testing Methodology Workflow | Complete Pentest

Penetration Testing Methodology Workflow | Complete Pentest

Master the complete penetration testing lifecycle from pre-engagement to remediation validation. Learn PTES framework, ethical hacking methodology, vulnerability exploitation, and post-exploitation techniques with practical tools and industry best practices.

Read article →
Secure Password & Authentication Flow Workflow

Secure Password & Authentication Flow Workflow

Master the complete secure password and authentication workflow used by security teams worldwide. This comprehensive guide covers NIST 800-63B password guidelines, Argon2id hashing, multi-factor authentication, session management, brute force protection, and account recovery with practical implementation examples.

Read article →
SOC Alert Triage & Investigation Workflow | Complete Guide

SOC Alert Triage & Investigation Workflow | Complete Guide

Master the complete SOC alert triage lifecycle with this practical guide covering SIEM alert handling, context enrichment, threat intelligence correlation, MITRE ATT&CK mapping, and incident escalation. Learn industry frameworks from NIST, SANS, and real-world best practices to reduce MTTC by 90% and eliminate alert fatigue.

Read article →

Explore More Attack Methods

View all terms

Zero-Day Vulnerability

A previously unknown software vulnerability that attackers exploit before the vendor has released a patch or fix.

Read more →
Back to glossary