Brute Force Algorithm

DannyZucker | Jul 22, 2015 | 1 posts since 2015

Does anyone know what brute force algorithm is? I read about it in a blog( Are Your Passwords Safe? - LastPass Data Breach - Aspire Federal Credit Union ) where hackers use this algorithm to guess the password, that too of master password companies like LastPass. How do they do that?

Post a comment

me1004 | Jul 22, 2015 | 1,381 posts since 2010

You had thrown with with your use of the term "algorithm." I read the article, it does not say it is actually an algorithm.

As I understand it from previous reading, a brute force attack, as the article states -- it is typically called an attack -- is when they go through every combination possible until they hit the one that works. They just go down a long, long list of the possibilities. It will take lots of time -- even at fast computer speed of thousands of guesses per second. It could take weeks or even months.

Obviously, to use this approach on a single account would not be reasonable -- unless they already knew there was a treasure trove in that account. Still, some might want to attempt that on individual accounts. It would be more useful to break into a place like LastPass, and then see what they can get once they are in there.

Brute force attacks are nothing new. They are probably more common now as various of the older, faster approches have been nixed by changes in the technology to thwart them. (For instance, this is why WiFi modems have moved up to WPA encryption, dropping the older WEP encryption. The WPA encryption pretty much requires a brute force attack to crack, unlike the WEP, which could be cracked in a matter of hours via a different approach that would read the signal and get the bits and pieces of the password from that and test and put it together. WPA does not have that data in the signal.) Brute force attacks are used for any password protected account, whether bank, e-mail, WiFi, Facebook, or anything password protected, anything encrypted.

BTW, I would never use a place like LastPass. I think it is automatically a high risk to consolidate all your passwords in one place. That only means when it is breached -- and anyplace can be breached, anyplace -- everything you have is breached, not only that one account at LastPass! That is far too much risk and is unnecessary to set up.

The financial institution, product, and APY (Annual Percentage Yield) data displayed on this website is gathered from various sources and may not reflect all of the offers available in your region. Although we strive to provide the most accurate data possible, we cannot guarantee its accuracy. The content displayed is for general information purposes only; always verify account details and availability with the financial institution before opening an account. Contact [email protected] to report inaccurate info or to request offers be included in this website. We are not affiliated with the financial institutions included in this website.