Talk:Brute-force attack

Former good article: Brute-force attack was one of the Engineering and technology good articles, but it has been removed from the list. There are suggestions below for improving the article to meet the good article criteria. Once these issues have been addressed, the article can be renominated. Editors may also seek a reassessment of the decision if they believe there was a mistake.

Article milestones
Date | Process | Result
December 19, 2004 | Featured article candidate | Not promoted
December 19, 2005 | Good article nominee | Listed
August 14, 2008 | Good article reassessment | Delisted
Current status: Delisted good article

Quantum computer speculation

I don't think this line should be in here "Quantum computers are needed to crack such complicated encryptions in a more practical length of time."

Quantum computing is not going to get around thermodynamic limits of 256-bit keys. More info: http://everything2.com/user/dogganos/writeups/Thermodynamics+limits+on+cryptanalysis

Certainly it is not the case that "Quantum computers are needed" - that implies that they are *currently* being considered, and that is no longer the case. — Preceding unsigned comment added by Meepdeedoo (talk · contribs) 13:56, 19 August 2011 (UTC)

Salting as mitigation for reverse brute-force

In the recent "edit toggle" between Multichill and Guy Macon, Multichill is correct. When just a single plaintext password is tried against a corpus of unsalted hashes, if ten accounts have the same password, all ten of them are cracked with the same amount of effort. By contrast, if the hashes are salted, the calculations for that hash have to be performed for each of those ten users, even if they all have the same password. In other words, for this specific kind of attack, salting significantly increases the processing time required and is one of the primary recommended mitigations. Royce (talk) 07:28, 10 December 2018 (UTC)

That's not what the source says. Your logic is correct, but it is WP:OR. If you have a reliable secondary source that says what you are claiming, please re-add the claim along with the source that supports it. The existing source[1] says:
"Essentially there are two types of brute force attacks, (normal) brute force and reverse brute force. A normal brute force attack uses a single username against many passwords. A reverse brute force attack uses many usernames against one password. In systems with millions of user accounts, the odds of multiple users having the same password dramatically increases. While brute force techniques are highly popular and often successful, they can take hours, weeks or years to complete."
It only talks about trying passwords against usernames. It says nothing about trying passwords against hashes.
Getting back to your WP:OR, according to my WP:OR (which is equally useless as a basis for edits to the article) an attacker who has access to the hashes has a distinct advantage if the hashes are not salted, but the best way for an attacker to exploit that advantage is not to do a reverse brute force attack. The best use of his resources is to identify a hash that has multiple high-value accounts and do a conventional brute force attack against one of them. If he succeeds, he has the rest of them for free. By contrast, by doing a reverse brute force attack in that situation he only spends a portion of his effort on the accounts with the duplicate hashes. Salting is definitely a way of making life harder on an attacker, but you are wrong in thinking that this is somehow specific to attackers who do reverse brute force attacks. --Guy Macon (talk) 08:46, 10 December 2018 (UTC)
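Added example, not part of either editor's comment: a small measurement of the two effects discussed in this thread, namely how many hash evaluations one candidate password costs against an unsalted versus a salted table, and whether shared passwords are visible as identical stored values. The account names and passwords are constructed, and SHA-256 is only a stand-in for a real password-hashing function.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts; names and passwords are made up for this example.
ACCOUNTS = {
    "alice": "Summer2018", "bob": "Summer2018", "carol": "Summer2018",
    "dave": "tr0ub4dor", "erin": "correct horse",
}

class CountingHasher:
    """SHA-256 stand-in for a password hash; counts how often it is evaluated."""
    def __init__(self):
        self.calls = 0

    def digest(self, password, salt=b""):
        self.calls += 1
        return hashlib.sha256(salt + password.encode()).hexdigest()

def build_tables(accounts):
    """Store the same accounts twice: unsalted, and with a random per-user salt."""
    h = CountingHasher()
    unsalted = {u: h.digest(p) for u, p in accounts.items()}
    salted = {}
    for u, p in accounts.items():
        salt = os.urandom(16)
        salted[u] = (salt, h.digest(p, salt))
    return unsalted, salted

def shared_hash_groups(stored):
    """Groups of users whose stored values are identical (visible password reuse)."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def check_one_candidate(candidate, unsalted, salted):
    """Return (matching users, hash evaluations) for the unsalted and salted tables."""
    h = CountingHasher()
    target = h.digest(candidate)  # a single evaluation is compared against every row
    hits_unsalted = sorted(u for u, v in unsalted.items() if v == target)
    cost_unsalted = h.calls
    h = CountingHasher()          # salted rows need one evaluation per stored salt
    hits_salted = sorted(u for u, (s, v) in salted.items()
                         if h.digest(candidate, s) == v)
    return (hits_unsalted, cost_unsalted), (hits_salted, h.calls)
```

With these five accounts, one candidate costs 1 evaluation against the unsalted table and 5 against the salted one, and only the unsalted table exposes the three accounts that share a password.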

Mask Attack

When reading about the Hashcat system, I came upon the term "Mask Attack", which as far as I understand is a form of brute-force attack but with limitations on the form of the forces tried. Could this be a suitable addition to this page about brute force, or is it better seen as an article of its own? Svartkaffe (talk) 07:23, 27 December 2022 (UTC)