A trial-and-error, exhaustive effort used by application ­programs to decrypt encrypted data such as passwords or reveal Data Encryption Standard (DES) keys. Just as criminals try breaking into safes by trying multitudes of possible number combinations, a brute-force crack is considered by experts to be an infallible but time-­consuming activity. Another form of brute-forcing is that used against an authentication mechanism. This form tries to break into the authentication mechanism by brute-forcing all possible passwords within a range set forth by the attacker.

More “intelligent” approaches limit the search space by using likely passwords derived from words in dictionaries and name lists first and then generate fully enumerated lists only if these initial attempts fail. These are called dictionary attacks. The success rate for dictionary-based cyber attacks is embarrassingly high.

See Also: Data Encryption Standard (DES); Password.