A brute force attack is, in essence, an attempt to compromise encryption (or an online account) simply by trying every possible password.
In the case of an online account, attacks typically target a specific account. That account may be an account known to exist, perhaps by virtue of something as simple as an email address having been made public. The account may also simply be an account that is likely to exist, such as accounts using common first names at major email providers.
Regardless, the nature of a brute force attack is very slow, but also very persistent.
In practice, most brute force attacks against online accounts prioritize common passwords first. This gives them a surprisingly high success rate, even when log-in attempts are rate-limited.
Offline brute force attacks against encrypted data – including password databases – typically have no such time restriction. In this case, the complexity of the encryption algorithm, and the length of the passwords being used, determine how successful the attack will be and how quickly it may succeed.« Back to Glossary Index