<P> As commercial successors of governmental ASIC solutions have become available, also known as custom hardware attacks, two emerging technologies have proven their capability in the brute - force attack of certain ciphers . One is modern graphics processing unit (GPU) technology, the other is the field - programmable gate array (FPGA) technology . GPUs benefit from their wide availability and price - performance benefit, FPGAs from their energy efficiency per cryptographic operation . Both technologies try to transport the benefits of parallel processing to brute - force attacks . In case of GPUs some hundreds, in the case of FPGA some thousand processing units making them much better suited to cracking passwords than conventional processors . Various publications in the fields of cryptographic analysis have proved the energy efficiency of today's FPGA technology, for example, the COPACOBANA FPGA Cluster computer consumes the same energy as a single PC (600 W), but performs like 2,500 PCs for certain algorithms . A number of firms provide hardware - based FPGA cryptographic analysis solutions from a single FPGA PCI Express card up to dedicated FPGA computers . WPA and WPA2 encryption have successfully been brute - force attacked by reducing the workload by a factor of 50 in comparison to conventional CPUs and some hundred in case of FPGAs . </P> <P> AES permits the use of 256 - bit keys . Breaking a symmetric 256 - bit key by brute force requires 2 times more computational power than a 128 - bit key . Fifty supercomputers that could check a billion billion (10) AES keys per second (if such a device could ever be made) would, in theory, require about 3 × 10 years to exhaust the 256 - bit key space . </P> <P> An underlying assumption of a brute - force attack is that the complete keyspace was used to generate keys, something that relies on an effective random number generator, and that there are no defects in the algorithm or its implementation . For example, a number of systems that were originally thought to be impossible to crack by brute force have nevertheless been cracked because the key space to search through was found to be much smaller than originally thought, because of a lack of entropy in their pseudorandom number generators . These include Netscape's implementation of SSL (famously cracked by Ian Goldberg and David Wagner in 1995) and a Debian / Ubuntu edition of OpenSSL discovered in 2008 to be flawed . A similar lack of implemented entropy led to the breaking of Enigma's code . </P> <P> Credential recycling refers to the hacking practice of re-using username and password combinations gathered in previous brute - force attacks . A special form of credential recycling is pass the hash, where unsalted hashed credentials are stolen and re-used without first being brute forced . </P>

Brute force attack against a 10 bit key