黑客使用多种方法进入计算机、计算机网络、网站或在线服务。进行蛮力攻击(Brute Force Attack)就是其中之一。这是破解服务器或普通计算机的最简单但耗时的方法之一。蛮力(Brute)攻击机制有它的优势——它也可以用来检查网络安全和找回忘记的密码。在这篇文章中,我们将尝试了解蛮力攻击(Brute Force Attack)的定义,并了解基本的预防方法。
蛮力攻击
蛮力攻击是网络攻击(Cyber Attack)的一种,您可以使用软件旋转不同的字符来创建可能的密码组合。蛮力攻击(Brute Force Attack)密码破解软件简单地使用所有可能的组合来找出计算机或网络服务器的密码。它很简单,不采用任何智能技术。由于它是基于数学的,因此使用蛮力应用程序破解密码而不是手动破解密码所需的时间更少。我之所以说基于数学,是因为计算机擅长数学,并且与人类大脑相比,它可以在几秒钟内执行此类计算,而人类大脑需要更长的时间来创建组合。
蛮力攻击(Brute Force Attack)的好坏取决于使用它的人。可能是网络犯罪分子试图侵入网络服务器,也可能是网络管理员试图查看其网络的安全性。一些计算机用户还使用蛮力应用程序来恢复忘记的密码。
蛮力攻击(Brute Force Attacks)期间计算和密码的速度很重要
如果您使用所有小写字母且没有特殊字符或数字,那么在暴力攻击破解密码之前可能只需 2-10 分钟。但是,大写和小写字母的组合以及一个数字(假设有八位数字)将需要 14-15 年以上的时间来破解密码。
它还取决于计算机处理器的速度,例如破解网络密码或正常登录Windows独立计算机需要多长时间。
因此,拥有强密码是很有意义的。要创建真正强大的密码,您可以使用 ASCII 字符来创建更强大的密码。ASCII 字符(ASCII characters)是指键盘上可用的所有字符以及更多字符(您可以通过按Numpad上的(Numpad)ALT+numbers(0-255)来查看它们)。大约有 255 个ASCII字符,每个字符都有一个由机器读取并转换为二进制(0 或 1)的代码,以便可以与计算机一起使用。例如,“空格”的ASCII码是 32。当您输入空格时,计算机会将其读取为 32 并将其转换为二进制 - 即 10000。这些 1、0、0、0、0、0 被存储如开、关(OFF)、OFF , OFF , OFF , OFF在计算机的内存中(即由电子开关制成)。这与暴力破解无关,只是在使用所有ASCII字符的情况下,如果您在密码中使用特殊字符,则破解密码所需的总时间可能超过 100 年左右。我为那些不知道字符如何存储在计算机内存中的人谈到了ASCII 。
这是蛮力密码计算器的链接(Here is a link),您(Brute Force Password Calculator)可以在其中查看破解密码需要多长时间。给出了不同的选项,包括小写字母、大写字母、数字和所有ASCII字符。根据您在密码中使用的内容,选择选项并单击计算以查看蛮力(Brute)攻击破坏您的计算机或服务器的难度。
蛮力攻击预防(Brute Force Attack Prevention)和保护(Protection)
由于除了尝试用于创建密码的不同字符组合外,在蛮力攻击中没有应用特殊逻辑,因此在非常基本的层面上进行预防相对容易。
除了使用完全更新的Windows操作系统和安全软件外,您还应该使用具有以下一些特征的强密码(strong password):
- 至少有一个大写字母
- 至少一位数
- 至少一个特殊字符
- 密码应至少为 8-10 个字符
- ASCII 字符,如果你愿意的话。
密码越长,破解密码所需的时间就越长。如果您的密码类似于“PA$$w0rd”,那么使用当前可用的蛮力攻击应用程序破解它需要 100 多年的时间。请不要在示例中使用建议的密码,因为使用一些不属于暴力攻击领域的智能软件很容易破解它。
我们的免费软件PassBox是一个方便的小工具,它可以记住您的所有密码,甚至为您的帐户生成强密码——或者您可以使用一些免费的在线密码生成器(online password generator )匿名创建强密码。完成后,使用 Microsoft 的Password Checker测试您的新密码。密码检查器(Password Checker)会在您键入时评估您的密码强度。
相关阅读(Related read):什么是密码喷射攻击(Password Spray Attack)?
如果您使用的是WordPress网站软件,那么还有许多WordPress安全插件可以自动阻止暴力攻击。使用像Sucuri或Cloudflare这样的网络防火墙是您可以考虑的另一种选择。阻止暴力攻击的一种方法是在指定次数的密码尝试失败后锁定帐户。限制登录 WordPress(Limit Logins WordPress)插件非常适合阻止对您的博客的暴力攻击。其他措施包括只允许从选定的 IP 地址登录,将默认登录URL(URLs)更改为其他内容,以及使用验证码来加强 WordPress 博客的安全性(harden your WordPress blog security)。
阅读下一篇(Read next):如何阻止对 Windows Server 的蛮力攻击。
Brute Force Attacks - Definition and Prevention
There are many methods hackers use to get into a computer, computer network, a website or online service. Carrying oυt a Brute Force Attack is one of them. It is one of the simplest, yet time-consuming method to hack a server or a normal computer. The Brute force attack mechanism has its advantages – it can also be used to check network security and to recover forgotten passwords. In this post, we will try and understand Brute Force Attack definition and see the basic prevention method.
Brute Force Attacks
A Brute Force Attack is a type of Cyber Attack, where you have a software spinning up different characters to create a possible password combination. The Brute Force Attack password cracker software simply uses all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any intelligent techniques. Since it is math-based, it takes less time to crack a password using brute force applications rather than figuring them out manually. I said math-based because computers are good at math and perform such calculations in split seconds compared to human brains, which take longer to create combinations.
Brute Force Attack is good or bad depending upon the person using it. It could be a cybercriminal trying to hack into a network server or it could be a network admin trying to see how secure his or her network is. Some computer users also use brute force apps to recover forgotten passwords.
Speed of computing & passwords matter during Brute Force Attacks
If you are using all lower letters and no special characters or digits, it might be a work of just 2-10 minutes before a brute force attack can crack the password. However, a combination of upper case and lower case letters along with a digit (supposing there are eight digits), will take more than 14-15 years to crack the password.
It also depends upon the speed of the computer processor, as to how long it takes to crack the password of the network or normal login to a Windows standalone computer.
Thus it makes a lot of sense to have strong passwords. To create really strong passwords, you can make use of ASCII characters to create stronger passwords. ASCII characters refer to all the characters available on the keyboard and more (you can see them by pressing ALT+numbers (0-255) on Numpad). There are some 255 ASCII characters and each one has a code that is read by machine and converted to binary (0 or 1) so that it can be used with computers. For example, the ASCII code for “space” is 32. When you enter a space, the computer reads it as 32 and converts it into binary – which would be 10000. These 1, 0, 0, 0, 0, 0 are stored as ON, OFF, OFF, OFF, OFF, OFF in the computer’s memory (that is made of electronic switches). This has nothing to do with brute force except that in case of use of all ASCII characters if you use special characters in the password, the total time taken to crack the password could run above 100 years or so. I spoke about ASCII for people who do not know how characters are stored in the computer’s memory.
Here is a link to a Brute Force Password Calculator, where you can check out how long it will take to crack a password. There are different options given that include lower case letters, upper case letters, digits, and all ASCII characters. Based on what you used in your password, select the options and click on calculate to see how difficult it would be for a Brute force attack to compromise your computer or server.
Brute Force Attack Prevention & Protection
Since no special logic is applied in brute force attacks except for trying out different combinations of characters used for the creation of a password, prevention on a very basic level, is relatively easy.
Apart from using a fully updated Windows operating system and security software, you should use a strong password that has some of the following characteristics:
- At least one upper case letter
- At least one digit
- At least one special character
- The password should be a minimum of 8-10 characters
- ASCII characters, if you wish.
The lengthier a password is, the more time it will take to crack the password. If your password is something like ‘PA$$w0rd”, it will take more than a 100 years to crack it with currently available brute force attack apps. Please do not use the suggested password in the example, as it is very easy to break it using some intelligent software that falls out of the realm of brute force attacks.
Our freeware PassBox is a handy little tool that will remember all your passwords and even generate strong passwords for your account – or you could use some free online password generator to create strong passwords anonymously. Having done that, test your new password with Microsoft’s Password Checker. The Password Checker evaluates your password’s strength as you type.
Related read: What is a Password Spray Attack?
If you are using WordPress website software, then there are also many WordPress security plugins that automatically block brute force attacks. Using a web firewall like Sucuri or Cloudflare is another option you can consider. One way to block brute-force attacks is to lock out accounts after a defined number of failed password attempts. The Limit Logins WordPress plugin is good for stopping brute force attacks on your blog. Other measures include allowing logins from only select IP addresses, changing default login URLs to something else, and using Captcha’s to harden your WordPress blog security.
Read next: How to block Brute Force Attacks on Windows Server.