Brute-forcing is a methodology in which to “crack” secure coding. In 2017, Google released a method for cracking the SHA1 algorithm or made it public. In 2012, over six million LinkedIn accounts were hacked because SHA1 hashed passwords were cracked.
How is this possible? Imagine that, in your spare time, you discover that the password to a website was something simple – let’s say your name, for instance. SHA1 creates the hash based on the values input. From here, you progressively go in alphabetical order of names before you make that “discovery” of the correct password corresponding to the hash.
Brute-forcing is very time-intensive. A standard English (U.S.) keyboard contains 52 letters – 26 uppercase and 26 lower cases, 10 numbers, and 32 special characters for a total of 94 characters. If your password is only one character long, it could potentially take you 94 tries to “guess” a password or use brute-force to obtain the password.
Most websites recommend that passwords consist of 8-10 (or more) characters, including an uppercase letter, lowercase letter, number, special character, something that is not in the dictionary, or personal information, such as your name, birthday, or social security number.
Knowing that a one-character password has 94 possibilities, a standard 8-character password would look something like this:
94 × 94 × 94 × 94 × 94 × 94 × 94 × 94 = 6,095,689,385,410,816
Yes – that’s 6,095,689,385,410,816 (over six ) possible character combinations for one 8-character password! The longer the password, the larger the number. Even using computers to crack this hash would take years to find just one password to match.
In the realm of cryptocurrency, let’s assume that, during transactions, you will record every detail of the transaction – sender, receiver, date, time, amount, etc. All of this data would be compiled into one SHA256 hash, and with endless possibilities, this hash is simply irreversible. Even something as simple as changing the time of the transaction by one minute changes the output of the entire algorithm.