How Brute Force Attacks Work
Quantify the effort required to try every possible key and why it is computationally infeasible for modern ciphers.
Brute Force: Exhaustive Key Search
A brute force attack on a cipher tries every possible key until the correct one is found. For a key of n bits, there are 2^n possible keys. With a 3-bit key there are only 8 possibilities; with a 56-bit key there are over 72 quadrillion. The fundamental defence against brute force is choosing keys large enough that exhaustive search is computationally infeasible within any meaningful time frame.
DES and the Keyspace Size Lesson
DES (Data Encryption Standard) uses a 56-bit key, giving a keyspace of approximately 7.2 * 10^16. In 1977 this seemed enormous. By 1998 the EFF's Deep Crack machine broke DES in 56 hours for $250,000. By 2006 a dedicated cluster could break DES in less than 9 days for under $10,000. The lesson was clear: 56 bits was no longer sufficient security against a motivated adversary.