Does anyone know what brute force algorithm is? I read about it in a blog( Are Your Passwords Safe? - LastPass Data Breach - Aspire Federal Credit Union ) where hackers use this algorithm to guess the password, that too of master password companies like LastPass. How do they do that?
As I understand it from previous reading, a brute force attack, as the article states -- it is typically called an attack -- is when they go through every combination possible until they hit the one that works. They just go down a long, long list of the possibilities. It will take lots of time -- even at fast computer speed of thousands of guesses per second. It could take weeks or even months.
Obviously, to use this approach on a single account would not be reasonable -- unless they already knew there was a treasure trove in that account. Still, some might want to attempt that on individual accounts. It would be more useful to break into a place like LastPass, and then see what they can get once they are in there.
Brute force attacks are nothing new. They are probably more common now as various of the older, faster approches have been nixed by changes in the technology to thwart them. (For instance, this is why WiFi modems have moved up to WPA encryption, dropping the older WEP encryption. The WPA encryption pretty much requires a brute force attack to crack, unlike the WEP, which could be cracked in a matter of hours via a different approach that would read the signal and get the bits and pieces of the password from that and test and put it together. WPA does not have that data in the signal.) Brute force attacks are used for any password protected account, whether bank, e-mail, WiFi, Facebook, or anything password protected, anything encrypted.
BTW, I would never use a place like LastPass. I think it is automatically a high risk to consolidate all your passwords in one place. That only means when it is breached -- and anyplace can be breached, anyplace -- everything you have is breached, not only that one account at LastPass! That is far too much risk and is unnecessary to set up.