Cybersecurity: Brute Force Attacks & Defenses

“If you will not show us the grail, we shall take your castle by force!”

What it’s about

A brute force attack is the process of repeatedly attempting possible combinations to a lock or passcode until the desired outcome is reached.  Have you ever tried all possible combinations on a bike lock after forgetting its combination?  That’s an example of a brute force attack.  

Other examples of brute force attacks include trying all possible PIN (personal identification) numbers to gain access to a cell phone or tablet.  Criminals use brute force to determine ATM card PIN numbers.  Brute force attacks have also been used as a means to determine encryption keys.  In this tutorial, you will experiment with brute force attacks and defenses to counter them: 

  • Attacks
    • Crack a PIN access code programmed into a micro:bit,
    • Crack a cipher intended to keep communication private.
  • Defenses
    • Increasing the number of combinations and adding time delays
    • Using stronger ciphers since shift ciphers like Caesar and ASCII Shift are inherently vulnerable to brute force attacks

Before you start

You will need:

  • Two or more micro:bit modules, on or off a cyber:bot. There is a cyber:bot project at the end, but most of the activities can be done with just two micro:bit modules.
  • Two USB A to Micro B cables
  • One or more computers with:
    • Access to on a Chrome browser
      — or —
    • Mu editor installed
  • Note that is used in this tutorial's screencaptures.

Complete these tutorials first:

After you finish

You will understand the basics of brute force attacks and be able to write scripts that perform those attacks.  You will also be able to modify scripts in apps to strengthen their defenses against brute force attacks.  
You will also be ready to move on to the next tutorials (coming soon!)

  • Cybersecurity: Substitution Attacks & Defenses
  • Cybersecurity: Replay Attacks