eli5: how does “brute forcing” a password work?


So I get the more complicated and long the password the harder it is to brute force, but do these programs start with like 111aaa and then go to like 111aab and so forth. Or, are they just trying every combination randomly? If the latter, isn’t there a chance (a very small one) that if it is kinda random that they could break a really good password on like the first try? Similar to winning the lottery? If it’s not random, that has its own issues. I don’t get it. Help.


14 Answers

Anonymous 0 Comments

There are many methods, depending on your target, and anything known about the security procedures used by the target.

If I had **data from a data breach that included your email address, and some past passwords** you had used, they might feed all those old passwords into cracking attempts. This is a targeted type of brute force (guessing).

Then there are huge password lists. If we know that the target requires a minimum of 8 characters with a certain character set (8 characters, at least one capital and one number might be required for this web site) then we filter the “common password list” to have a shorter list that meets those criteria and feed those passwords to the target.

Some targets have a standard format for their factory passwords (My ISP uses a 10-digit numeric default password on all wifi routers.) Brute forcing this is basically a long series of feeding it new numbers.
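An added example, not part of the answer above or of any real tool: a small simulation of the question's "counting order versus random order" against a uniformly random secret, plus a keyspace comparison for the 10-digit default and the 8-character policy the answer mentions. The function names, the 3-digit toy keyspace and the 1000 guesses per second rate are assumptions chosen for illustration.

```python
import random

def keyspace(alphabet_size, length):
    """Number of possible secrets of exactly `length` symbols."""
    return alphabet_size ** length

def sequential(space, rng):
    """Counting order: 0, 1, 2, ... (the '111aaa, 111aab' style)."""
    return range(space)

def shuffled(space, rng):
    """Every candidate exactly once, in random order."""
    order = list(range(space))
    rng.shuffle(order)
    return order

def average_guesses(space, make_order, trials, seed=1):
    """Mean number of guesses until a uniformly random secret is hit."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        secret = rng.randrange(space)
        for count, guess in enumerate(make_order(space, rng), start=1):
            if guess == secret:
                total += count
                break
    return total / trials

def days_to_exhaust(space, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given rate."""
    return space / guesses_per_second / 86400

if __name__ == "__main__":
    pin_space = keyspace(10, 3)  # constructed toy case: a 3-digit PIN
    for name, order in (("sequential", sequential), ("shuffled", shuffled)):
        print(name, average_guesses(pin_space, order, trials=2000))
    print("chance of a first-try hit:", 1 / pin_space)
    # 10-digit numeric default vs. 8 characters drawn from a-z, A-Z, 0-9
    for label, space in (("10 digits", keyspace(10, 10)),
                         ("8 alphanumerics", keyspace(62, 8))):
        # 1000 guesses/second is an assumed rate, for comparison only
        print(label, space, round(days_to_exhaust(space, 1000)), "days")
```

Both orders average about half the keyspace, and a first-try hit has probability 1 in the keyspace size either way. That only holds for randomly generated secrets; passwords people choose are not uniform, which is why the lists the answer describes are tried before plain enumeration.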
