DEV Community

Swayam Patnaik

Brute Force Attacks and CAPTCHA

In an increasingly interconnected, digitalised world, the security and maintenance of data is the utmost priority. Among the countless existing threats, Brute Force Attacks stand out as a persistent menace. In a Brute Force Attack, automated bots use trial and error to crack login credentials, passwords, encryption keys, etc. We need robust defenses against such attacks, and one such prevention technique is CAPTCHA.

About Brute Force Attack
A Brute Force Attack is one of the existing tactics for gaining unauthorised access to individual accounts and to organisations' systems and networks. This method relies on sheer computational power and persistence. Hackers systematically try every possible combination of characters until they find the correct one. Several software tools available online can perform Brute Force Attacks, such as John the Ripper and L0phtCrack.
Brute Force Attacks are slow because they have to try every possible combination; for example, a five-character password typically takes longer to Brute Force than a four-character password. If the target is sufficiently long, it could take months or even years for a Brute Force attacker to crack it. Most sites now require longer passwords, which makes them difficult to Brute Force.

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is designed to determine whether the end user is a human or a bot/computer program. It asks users to perform tasks that can only be solved by a human and are difficult for bots, such as identifying distorted text, solving puzzles, selecting images according to instructions, and many more.
When the server notices too many login or registration attempts, it suspects a Brute Force Attack, even though the end user might be a human. To verify the end user, it presents a CAPTCHA, which identifies whether the user is a human or a bot. Some examples of CAPTCHA are Text-Based CAPTCHA, reCAPTCHA, 3D CAPTCHA, Mathematical CAPTCHA, and Image-Based CAPTCHA.
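
The server-side check described above, as an added example that is not from the original post: it counts recent failed logins per account and per source address, and asks for a CAPTCHA once either count reaches a threshold. The names `LoginThrottle` and `simulate`, the threshold of five failures in 300 seconds, and the sample events are assumptions made for illustration.

```python
import time
from collections import deque

class LoginThrottle:
    """Decides when a login form must show a CAPTCHA, based on recent failures."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures  # assumed threshold
        self.window = window_seconds      # assumed sliding window, in seconds
        self.clock = clock                # injectable so the logic can be tested
        self._failures = {}               # key -> deque of failure timestamps

    def _recent(self, key):
        """Drop timestamps older than the window and return how many remain."""
        q = self._failures.get(key, deque())
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def captcha_required(self, username, ip):
        """True if the account or the source address has too many recent failures."""
        return (self._recent(("user", username.lower())) >= self.max_failures
                or self._recent(("ip", ip)) >= self.max_failures)

    def record(self, username, ip, success):
        """Record a login result. A success clears the account counter only."""
        user_key = ("user", username.lower())
        if success:
            self._failures.pop(user_key, None)
            return
        now = self.clock()
        self._failures.setdefault(user_key, deque()).append(now)
        self._failures.setdefault(("ip", ip), deque()).append(now)

def simulate(events, **kwargs):
    """Replay (time, username, ip, success) tuples; return the decision made before each."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **kwargs)
    decisions = []
    for t, user, ip, ok in events:
        now[0] = t
        decisions.append(throttle.captcha_required(user, ip))
        throttle.record(user, ip, ok)
    return decisions

# Constructed sample: one account guessed from three addresses, then an unrelated user.
SAMPLE = [(i, "alice", f"198.51.100.{i % 3}", False) for i in range(6)]
SAMPLE.append((6, "bob", "203.0.113.9", True))
```

Counting per account as well as per address means guesses spread across several addresses still trigger the CAPTCHA for that account, while an unrelated user logging in from elsewhere is not challenged.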

As we have explored in this article, the symbiotic relationship between Brute Force Attacks and CAPTCHA depicts the ongoing battle between attackers and defenders in cyberspace. While the former tries to exploit weaknesses in security protocols, the latter serves as a safeguard.

Top comments (1)

ashirvad samanta

Good read 🙌