Brute Force Attack
What Is a Brute Force Attack?
In contrast to other attack vectors that rely on social engineering or complex software exploits, brute force attacks rely primarily on raw computing power and repeated guessing. An attacker uses automated software to submit guess after guess to a login screen or an encrypted file, as many as the target and the attacker’s resources allow.
Think of it like a thief trying to open a four-digit combination padlock. Rather than trying to pick the lock, they simply start at 0000, then 0001, 0002, and so on until the shackle pops open.
In the digital asset space, brute force attacks are often used to target account passwords or device PINs. However, because modern encryption uses such vast numbers of combinations, a true brute force attack against a standard 24-word recovery phrase would be infeasible with current computing power.
How Do Brute Force Attacks Work?
There are several variations of brute force attacks that researchers and malicious actors use:
- Simple Brute Force: Systematically trying every possible character combination.
- Dictionary Attack: Using a list of common words, leaked passwords, and popular phrases instead of random characters.
- Credential Stuffing: Using lists of usernames and passwords stolen from other websites, assuming users have reused their credentials.
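The three variants above leave different traces in an authentication log, which is how a defender tells them apart: guessing against one account produces many failures for a single username from one source, while credential stuffing produces one or two failures each across many usernames from one source. The following is an added illustration written for this page, not code from Ledger or the Donjon; the log lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (assumption, not real data): "time user source_ip result"
SAMPLE_LOG = """\
10:00:01 alice 203.0.113.5 FAIL
10:00:02 alice 203.0.113.5 FAIL
10:00:03 alice 203.0.113.5 FAIL
10:00:04 alice 203.0.113.5 FAIL
10:00:05 alice 203.0.113.5 FAIL
10:00:06 alice 203.0.113.5 FAIL
10:00:07 bob 198.51.100.9 FAIL
10:00:08 carol 198.51.100.9 FAIL
10:00:09 dave 198.51.100.9 FAIL
10:00:10 erin 198.51.100.9 FAIL
10:00:11 frank 198.51.100.9 OK
10:00:12 grace 192.0.2.44 FAIL
10:00:13 grace 192.0.2.44 OK
"""

def parse(log):
    """Split each line into (time, user, source_ip, result)."""
    return [tuple(line.split()) for line in log.splitlines() if line.strip()]

def classify(events, per_account=5, spray_users=4):
    """Label each source IP whose failure pattern matches one of the listed variants.

    'password_guessing'  : many failures against ONE account from one source
                           (simple brute force or dictionary attack);
                           a per-account lockout stops this.
    'credential_stuffing': failures spread over MANY accounts from one source,
                           each tried only once or twice (reused stolen pairs);
                           per-source rate limiting and breached-password
                           checks are the usual controls.
    Thresholds are hypothetical; tune them to the service's real traffic.
    """
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for _, user, ip, result in events:
        if result == "FAIL":
            fails[ip][user] += 1
    verdicts = {}
    for ip, per_user in fails.items():
        if max(per_user.values()) >= per_account:
            verdicts[ip] = "password_guessing"
        elif len(per_user) >= spray_users and max(per_user.values()) <= 2:
            verdicts[ip] = "credential_stuffing"
    return verdicts

if __name__ == "__main__":
    for ip, label in classify(parse(SAMPLE_LOG)).items():
        print(ip, label)
```

A stuffing campaign spread across many source addresses will not trip a per-source threshold, so the per-account failure count and a check against known breached passwords matter as much as the per-IP view.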
Brute force testing and hardware-level research are some of the tools in the Ledger Donjon’s offensive arsenal. As Ledger’s internal team of white-hat hackers, the Donjon utilizes these techniques to stress-test hardware and software across the entire crypto ecosystem, helping to identify where sensitive data might be vulnerable.