CyberGlossary

Attacks & Threats

Brute Force Attack

Also known as: Exhaustive search

Definition

An attack that systematically tries every possible value — typically passwords, PINs, or keys — until the correct one is found.

Brute force attacks exhaust a candidate space by trial. Online variants hammer authentication endpoints with guesses, while offline variants run against stolen hashes using GPUs, FPGAs, or rented cloud compute. The feasibility depends on the size of the keyspace, the work factor of any password-hashing algorithm (Argon2, bcrypt, scrypt, PBKDF2), and operational controls like rate limiting and account lockout. Defences include strong, unique credentials, salted memory-hard hashing, MFA, exponential back-off, IP/device throttling, web-application firewalls, and monitoring for anomalous authentication patterns. Cryptographic keys should use sufficiently large sizes (e.g. 256-bit symmetric, 3072-bit RSA or equivalent ECC).
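The feasibility argument above can be made concrete. The following Python is an added worked example, not code from the CyberGlossary entry: it models the attacker's side (keyspace size, raw guess rate, the slowdown imposed by a password-hashing work factor) and the defender's side (an exponential back-off throttle on an online authentication endpoint, plus a simulation of how many guesses such a throttle lets through in a window). All rates, character-class sizes and throttle parameters are constructed illustrations, and the work-factor model is a simplification (real Argon2/bcrypt costs are memory- and time-bound, but the proportional slowdown is the point).

```python
"""Added example (not from the glossary page): brute-force feasibility
estimates and a defender-side exponential back-off login throttle.
All numbers below are constructed for illustration."""

from dataclasses import dataclass, field

# Character-class sizes used to build a keyspace (assumed printable ASCII subsets).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an exhaustive search must cover: |alphabet| ** length."""
    return alphabet_size ** length


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_second


def effective_rate(raw_rate: float, hashes_per_verify: int) -> float:
    """A work factor costs the attacker `hashes_per_verify` primitive
    operations per guess, dividing the raw throughput of the cracking rig
    (constructed proportional model)."""
    return raw_rate / hashes_per_verify


@dataclass
class LoginThrottle:
    """Exponential back-off per principal (account or source IP).

    The first `free_attempts - 1` failures cost nothing; from the
    `free_attempts`-th failure on, each failure doubles the wait, capped at
    `max_delay`. A successful login resets the counter."""
    free_attempts: int = 3
    base_delay: float = 1.0
    max_delay: float = 3600.0
    failures: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def delay_for(self, n_failures: int) -> float:
        if n_failures < self.free_attempts:
            return 0.0
        return min(self.base_delay * 2 ** (n_failures - self.free_attempts),
                   self.max_delay)

    def allowed(self, principal: str, now: float) -> bool:
        """True if the principal is not currently in a back-off period."""
        return now >= self.locked_until.get(principal, 0.0)

    def record(self, principal: str, success: bool, now: float) -> float:
        """Record an attempt and return the back-off applied (0.0 on success)."""
        if success:
            self.failures.pop(principal, None)
            self.locked_until.pop(principal, None)
            return 0.0
        n = self.failures.get(principal, 0) + 1
        self.failures[principal] = n
        wait = self.delay_for(n)
        self.locked_until[principal] = now + wait
        return wait


def guesses_in_window(throttle: LoginThrottle, window: float,
                      principal: str = "victim") -> int:
    """Simulate a serial online guesser against one principal and count how
    many attempts the throttle lets through within `window` seconds."""
    now, count = 0.0, 0
    while now < window:
        count += 1
        now += throttle.record(principal, False, now)
    return count


if __name__ == "__main__":
    # Offline: an 8-character mixed-case alphanumeric password against a
    # 1e9 guess/s rig, with and without a 1000x hash work factor.
    space = keyspace(LOWER + UPPER + DIGITS, 8)
    print("keyspace:", space)
    print("fast hash, seconds:", seconds_to_exhaust(space, 1e9))
    print("1000x work factor, years:",
          seconds_to_exhaust(space, effective_rate(1e9, 1000)) / 31_557_600)
    # Online: guesses per hour against one account behind the throttle.
    print("online guesses/hour under throttle:",
          guesses_in_window(LoginThrottle(), 3600.0))
```

Running it shows the two levers the definition names: the work factor multiplies offline cracking time by the same factor it multiplies verification cost, while the back-off throttle caps an online guesser at a few dozen attempts per hour per account regardless of how fast the endpoint can answer.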

Examples

  • Hashcat cracking leaked NTLM hashes at billions of guesses per second.
  • An attacker hammering an exposed RDP server with common admin passwords.

Related terms