Brute-Force Attacks - Basic Concept



DISCLAIMER: This article is not a tutorial on Brute-Force Attacks.
This is an introductory article to the concept of Brute-Forcing.


Brute force attacks work by experimenting every possible combination that could
make up a password and testing it to see if it is the right combination.
As the password’s length increases, the amount of time, to find the
correct combination increases exponentially (just like the hardware resources).
This means short passwords can usually be discovered quite quickly,
while longer passwords may take much more time.

Most of the time, this is not a recommended cracking method since most
Brute-force attacks are very time and resource consuming, due to their complexity.
They should only be used as a last resort, when no other methods are available.

Quick experimentation and visualization

I wrote a script in python (that you can find and run here), that allows you to see how
time increases with complexity. Also, below is an image that demonstrates how
how the usage of hardware resources vary with the increase of attempts and

This is an example of a simple Brute-force attack, which translates to low resources usage (those little white dots).

This represents a more complex Brute-force attack. It’s clearly visible the difference between the to pictures, as the latter attack is way more resource consuming.

Known software that is able to perform Brute-Force Attacks:

Cracking SSH Password with Medusa

Nice article mate! Came in handy!


I like password theory, it is the human weak link at play.

Sometimes BF would be good and not complex in certain instances. Other times SE to build a profile for list generation based on the target and assets would be far superior. Knocking down directories +1.