0Pricing
Cryptology Academy · Lesson

How Brute Force Attacks Work

Quantify the effort required to try every possible key and why it is computationally infeasible for modern ciphers.

Brute Force: Exhaustive Key Search

A brute force attack on a cipher tries every possible key until the correct one is found. For a key of n bits, there are 2^n possible keys. With a 3-bit key there are only 8 possibilities; with a 56-bit key there are over 72 quadrillion. The fundamental defence against brute force is choosing keys large enough that exhaustive search is computationally infeasible within any meaningful time frame.

DES and the Keyspace Size Lesson

DES (Data Encryption Standard) uses a 56-bit key, giving a keyspace of approximately 7.2 * 10^16. In 1977 this seemed enormous. By 1998 the EFF's Deep Crack machine broke DES in 56 hours for $250,000. By 2006 a dedicated cluster could break DES in less than 9 days for under $10,000. The lesson was clear: 56 bits was no longer sufficient security against a motivated adversary.

All lessons in this course

  1. How Brute Force Attacks Work
  2. Dictionary Attacks and Rainbow Tables
  3. Why Cryptographic Key Length Matters
  4. Rate Limiting and Account Lockout Defenses
← Back to Cryptology Academy