From CryptoDox, The Online Encyclopedia on Cryptography and Information Security
A brute force attack attempts to find a key by trying all possible keys.
Although it seems to be a weak approach, the brute force attacks are helped by various factors:
1. Probability: you will find the key at 50% of keys you have tried, so the key-space is reduced in 50%. This is however not a great help because if the key length is 256 bits, the half reduce only the keyspace in 1 bit.
2. Dictionary attacks: the brute force attacks are most tried using a dictionary when is posible (not in all attacks is posible to use this technique). For example the attacker will have a prepared dictionary with the results of encrypt different words usually used to make the key, and he only compares your encrypted one against the results (the dictionary). To avoid this attacks salt values and NONCE values are used when encrypt passwords or similar.
3. Weak pass phrases: sometimes some knowledge of the pass phrase is known or guessed, eliminating most keys such that the remaining keys can be exhaustively tried (brute force attacked) until the right one is guessed. For example, too many people use a single short word for their "password" -- guessing all possible 4-letter words through 8-letter words in an English dictionary takes far less time than guessing all possible keys aaaa through zzzzzzzz, which in turn takes far less time than guessing a pass phrase of 5 ordinary English words selected at random from any Diceware list.
Algorithms designed with no knowlege of Auguste Kerckhoffs's laws -- including all "classical" ciphers, all ciphers designed before 1917, and nearly all algorithms that can be encoded using a manual cipher -- are vulnerable to brute force attack.
(A "manual cipher" is a cipher designed so a person can encrypt a message "by hand" in a reasonable amount of time, without the assistance of a computer or a cipher machine).
All messages encoded such algorithms can be decoded using a computer-assisted brute force attack, because there are only a limited number of keys.
However, if the transmitter keeps each block of text transmitted with any one key below the unicity distance,
then a brute force attack may result in several plausible decoded messages -- one of which is the true message.
There are 2 techniques used in modern ciphers to make a cipher resistant to brute force attack:
- key strengthening: various techniques (salt values, nonces, padding, repeated hashing, etc.) are used so that, after an attacker guesses a key, it takes a "long time" to confirm that this is the correct key.
- key size: Algorithms designed with a knowledge of Auguste Kerckhoffs's laws are designed to have so many potential keys that, when multiplied by the confirmation time for each guess, it would take more than a thousand years (typically many, many more) to try out all possible keys.
The older analog Nagravision used in the 1990s can be defeated by a brute force attack.
