Ver:
· http://en.wikipedia.org/wiki/Brute_force_attack
1. Caso
particular de ataque sólo al texto cifrado en el que el criptoanalista,
cociendo el algoritmo de cifra, intenta su descifrado probando con cada clave
del espacio de claves. Si el cardinal de este último es un número muy grande,
el tiempo invertido en recorrer el citado espacio es fabuloso, y las probabilidades
de éxito escasísimas.
2. Aplicación
de una función resumen (supuesto conocida) a todos los posibles mensajes de un
espacio de ellos, para encontrar aquél cuyo resumen coincide con uno dado.
[Ribagorda:1997]
(I) A
cryptanalysis technique or other kind of attack method involving an exhaustive
procedure that tries a large number of possible solutions to the problem. (See: impossible, strength, work
factor.) [RFC4949:2007]
This attack
requires trying all (or a large fraction of all) possible values till the right
value is found; also called an exhaustive search.
http://www.rsasecurity.com/rsalabs/faq
An attacker gains
unauthorised access to the hashed or encrypted password, runs a program offline
to encrypt or hash a database of possible passwords and compares the results
with the hashed or encrypted password. The brute force attack may be conducted through
dictionary or exhaustion attacks or pre-calculated hashed or encrypted
databases. Alternatively another (and more time-consuming) attack comprises the
unauthorised user running a program online to try many passwords until a match
is found though this can be countered by limiting the number of retries allowed
A similar attack may be carried out against a file of hashed biometrics
templates though exploitation of recovered biometrics may be more difficult.
An automated
process of trial and error used to guess the secret protecting a system.
Examples of these secrets include usernames, passwords or cryptographic keys.
http://www.webappsec.org/projects/glossary/
A cryptanalysis
technique or other kind of attack method involving an exhaustive procedure that
tries all possibilities, one-by-one.
http://www.sans.org/security-resources/glossary-of-terms/
Temas relacionados