[CCCure CISSP] Access Control - Brute Force Attack

Ali Jawad alijawad1 at gmail.com
Mon Feb 22 10:33:14 EST 2010 

Hi
Well there has been alot of chit chat about this and but the answer is 10000
and not any of the other answers.

Determining the Difficulty of a Brute Force Attack

The difficulty of a brute force attack depends on several factors, such as:

   - How long can the key be?
   - How many possible values can each component of the key have?
   - How long will it take to attempt each key?
   - Is there a mechanism which will lock the attacker out after a number of
   failed attempts?

As an example, imagine a system which only allows 4 digit PIN codes. This
means that there are a maximum of 10,000 possible PIN combinations.


http://www.topbits.com/brute-force-attack.html


However it is easier than that to conclude.


Another method for 10000
As said before by a poster, 0-9 for each digit value is 10 values
10x10x10x10 = 10000 possible values.


This is the CORRECT result, forget about mathematics got another
interpretation, we have 4 digital values, we can start counting from 0000
and reach 9999, so we have 9999 values + 1 value that is 0000, so the total
number of choices is 9999 + 1  = 10000

Regards


On Mon, Feb 22, 2010 at 6:10 PM, Ahsan Khan <ahsankamal251 at gmail.com> wrote:

> Greetings Hai,
>
> Very nicely interpreted.
>
> Regards,
> MavKhan
>
>
> On Mon, Feb 22, 2010 at 12:24 PM, Hai Tiet Kim <tietkimhai at gmail.com>wrote:
>
>> Hi,
>>
>> If the correct answer is B then we will understand the question as
>> follows:
>>
>> "If the password is made up of *A MAXIMUM* of 4 numeric characters, how
>> many attempts
>>     needed for a successful brute force attack?"
>>
>> So we will have 10^4 + 10^3 + 10^2 + 10^1 = 11110 choices.
>>
>> Best regards,
>> Hai
>>
>> On Mon, Feb 15, 2010 at 12:05 AM, Nimal Gunarathna <ng949 at yahoo.com>wrote:
>>
>>>  Hello Everyone, I have a question for you all?
>>>
>>> 1. If the password is made up of 4 numeric characters, how many attempts
>>>     needed for a successful brute force attack?
>>>
>>> A. 10000
>>> B. 11110
>>> C. 1024
>>> D. 11100
>>>
>>> *What I think: *
>>> Every numeric character has 10 choices. Then 4 characters 10^4 = 10000
>>> choices and
>>> the answer should be A.  But the right answer is B. How is that possible?
>>>
>>>
>>>
>>> _______________________________________________
>>> CISSPstudy mailing list
>>> CISSPstudy at cccure.org
>>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>>
>>>
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100222/e65e894a/attachment.html>

More information about the CISSPstudy mailing list