2. Introduction
Brute force algorithms require a lot of resources in order to be effective. As such, many different programming approaches have been devised to solve problems more efficiently. So then, is there a place for brute force algorithms?
3. Brute Force Algorithms
● Are algorithms that rely on sheer computing power to test all possibilities
● A brute force sort places the smallest element at the top of the stack after each iteration
● A brute force search searches all possible solutions in a text between 0 and n-m
7. Password Cracking
● Formulate an estimate of what the password could be
● Hash or encrypt the estimated password using the same algorithm as the system being attacked
● Systematically compare the resultant encryption or hash against the real value
● Do they match? Yes: store the cracked password. No: return to the first step (connector A) and formulate a new estimate.
8. Password Hashing
● Passwords in a computer are not stored in plaintext
● A password hash is generated using a hash function
● A hash is designed as a one-way function
● Thus the need to use brute force in order to “crack” passwords.
9. Hashing Algorithms
● MD5: Compromised
● SHA-0: Compromised
● SHA-1: Potentially vulnerable
● SHA-2: Safe for now
● SHA-3: Designed to easily replace SHA-2 and to be resilient towards attacks that could compromise SHA-2
10. Brute Force Attack
● Are trial and error methods used to decode encrypted data
● Brute force attacks are commonly automated
● GPUs are used with great efficiency to crack passwords.
11. Dictionary Attacks
● Employs the use of password lists
● Large quantities of known password lists exist on the Internet
● It works by entering each word in a dictionary as a password
● Speeds up the process of conducting a brute force attack
13. Rainbow Tables
● Huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext words
● These allow hackers to reverse the hashing function
● Allow passwords to be cracked in a very short amount of time
14. Rainbow Table Attack
● A type of attack where a rainbow table is used to crack the passwords stored in a database system.
● Does a quick cryptanalysis
● An exact password match is not needed for this attack to work
15. Flow of a Rainbow Table Attack
● Read the hash to be cracked
● Does the rainbow table contain this hash? Yes: go to the start of the plaintext chain in the rainbow table
● Hash the plaintext
● Does it match the hash to be cracked? Yes: the plaintext obtained is the password. No: go to the next plaintext entry and hash it
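Added example (not from the original slides): why precomputed tables only work against unsalted, fast hashes. A plain hash-to-plaintext dictionary stands in for a real rainbow table; the per-user salt and PBKDF2 storage scheme, the account names and the password list are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "known password list" and two accounts
# that happen to share the same weak password.
KNOWN_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein"}


def fast_hash(password: str) -> str:
    """Unsalted, single-pass hash: the storage scheme a precomputed table targets."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(words):
    """Precompute hash -> plaintext once; the result is reusable for any unsalted store."""
    return {fast_hash(w): w for w in words}


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def audit():
    table = build_lookup(KNOWN_PASSWORDS)
    unsalted = {u: fast_hash(p) for u, p in ACCOUNTS.items()}
    # Every unsalted record present in the table falls to a single lookup.
    exposed = sorted(u for u, h in unsalted.items() if h in table)

    salted = {}
    for user, pw in ACCOUNTS.items():
        salt = os.urandom(16)
        salted[user] = (salt, salted_hash(pw, salt))
    # Same password, different salts: stored values differ, none is in the table.
    distinct = salted["alice"][1] != salted["bob"][1]
    table_hits = [u for u, (_, h) in salted.items() if h.hex() in table]
    return exposed, distinct, table_hits


if __name__ == "__main__":
    print(audit())
```

With the salted scheme the table would have to be rebuilt for every individual salt, which removes the advantage of precomputation.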
16. Counter Measures
● Use more than 8 characters utilizing combinations of characters
● Enable multiple factor authentication
● Don’t write passwords in plaintext
● Don’t repeat the same password
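Added example (not from the original slides): a checker that applies the countermeasures above to a candidate password and estimates the exhaustive-search space it implies. The known-password list is a constructed sample, and the three-character-class threshold and the `previous` set (passwords the user already has in use, e.g. held by a password manager) are assumptions of this illustration.

```python
import math
import string

# Constructed stand-in for a public known-password list (see "Dictionary Attacks").
KNOWN_LIST = {"password1", "qwertyuiop", "letmein123", "iloveyou2019"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def search_space_bits(password: str) -> float:
    """Upper bound on brute-force effort: length * log2(alphabet size).

    The alphabet is the union of the character classes actually used, so the
    figure only holds for randomly chosen passwords; a listed word is far weaker.
    """
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(candidate: str, previous: set, min_classes: int = 3) -> list:
    """Return the countermeasures the candidate violates (empty list = acceptable)."""
    problems = []
    if len(candidate) <= 8:
        problems.append("use more than 8 characters")
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in candidate)]
    if len(used) < min_classes:  # min_classes=3 is an assumed threshold
        problems.append(f"combine at least {min_classes} character classes")
    if candidate.lower() in KNOWN_LIST:
        problems.append("appears in a known password list")
    if candidate in previous:
        problems.append("repeats a password already in use")
    return problems


if __name__ == "__main__":
    for pw in ("Abc1!", "letmein123", "Tr1cky-Horse-Staple"):
        print(pw, round(search_space_bits(pw), 1), check_password(pw, set()))
```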
17. Conclusion
Brute force algorithms are time consuming and resource hungry. Although other, more efficient programming approaches exist, the value of brute force should not be dismissed. As we saw, sometimes the only way to solve an issue is through brute force. (Even though the issue discussed may not be the most ethically correct.)