Attacks and brute force
How attackers get in
- Beyond malware, attackers use direct attacks. The exam lists several:
- Brute-force attack — trying every possible password until one works.
- Hacking — gaining access without permission, often through a weakness.
Attacks on the network
- Data interception — "listening in" on data as it travels, to steal it (for example, with a packet sniffer).
- Denial of Service (DoS) — flooding a server with so many requests that it cannot serve real users.
- A DDoS does this from thousands of machines at once, so it is hard to block.
Why short passwords fail
- A 4-digit PIN has only 10,000 combinations. A computer can try millions of guesses per second.
- Below, brute-force a PIN by trying every value — then notice how a longer password would have far more combinations.
The lesson
- Each extra character multiplies the number of guesses needed.
- That is why length is the single most powerful thing about a password — more on that soon.
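An added example (not part of the original lesson) that carries this lesson through in Python: it exhaustively searches a secret held only in the program's own memory, counts the guesses, and shows how the number of combinations grows with each extra character. The rate of 1,000,000 guesses per second and the names `keyspace`, `brute_force` and `worst_case_seconds` are assumptions made for illustration.

```python
from itertools import product
import string

DIGITS = string.digits                          # 10 symbols
ALNUM = string.ascii_letters + string.digits    # 62 symbols
GUESSES_PER_SECOND = 1_000_000                  # assumed rate, for illustration only


def keyspace(alphabet, length):
    """Number of different secrets of exactly `length` characters."""
    return len(alphabet) ** length


def brute_force(secret, alphabet):
    """Try every candidate of the secret's length, in order.

    Returns (match, guesses_made). match is None when the secret uses a
    character outside `alphabet`, i.e. the whole keyspace was tried in vain.
    """
    guesses = 0
    for candidate in product(alphabet, repeat=len(secret)):
        guesses += 1
        if "".join(candidate) == secret:
            return "".join(candidate), guesses
    return None, guesses


def worst_case_seconds(alphabet, length, rate=GUESSES_PER_SECOND):
    """Time needed to try every combination at `rate` guesses per second."""
    return keyspace(alphabet, length) / rate


if __name__ == "__main__":
    # Constructed sample secret: a 4-digit PIN that exists only in this program.
    match, guesses = brute_force("4821", DIGITS)
    print(f"PIN {match} found after {guesses} of {keyspace(DIGITS, 4)} guesses")

    # Each extra character multiplies the keyspace by the alphabet size.
    for name, alphabet in (("digits", DIGITS), ("letters+digits", ALNUM)):
        for length in (4, 6, 8, 10, 12):
            secs = worst_case_seconds(alphabet, length)
            print(f"{name:15} length {length:2}: "
                  f"{keyspace(alphabet, length):>25,} combinations, "
                  f"up to {secs:,.2f} s")
```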
Covers: IGCSE 5.3 (brute-force, hacking, interception, DDoS).
A 4-digit PIN has only 10000 possibilities — a computer can try them all in an instant. Loop through range(10000) and print the value that equals the secret, then stop.