A **brute force attack** is any type of attack that involves trying every possible combination of characters or data in order to find the key in order to decrypt an encrypted message.

A brute force attack is usually used as a last-resort tactic in a cryptanalysis scenario, as it very much involves extreme amounts of trial and error and relies on a lot of luck in order to find the key. A brute force attack is different from a dictionary attack, as it does not rely on a dictionary and simply tries every possible key that could be used.

For example, if the length of the key is known to be 5 alphabetic characters, a brute force would try every possible combinations from a – z.

`aaaaaa aaaaaab aaaaaac ... zzzzzx zzzzzy zzzzzz`

A brute force guarantees finding the key – it’s trying every possible combination and does not rely on any potentially incomplete dictionaries or lists of possible keys. By definition, trying every possible value will inveitably result in finding the key - the downside is that it takes a long time. Even for smaller keyspaces a brute force can take many days at minimum depending on available computational power – and modern encryption is designed such that brute force attacks would take potentially as long as billions of years on currently available computational power. Technically possible, but brute force is no longer seen as a practical way of breaking encryption mechanisms.