A brute-force attack is an attack in which every possible key is tried in turn in an attempt to discover the key with which the document has been encrypted.
The CPU time required increases very drastically as the key length is increased.
CrypTool offers a brute-force attack to be carried out. The key range to be searched through is entered in the Key range dialog.
To perform an attack successfully in an appropriate time, some conditions must be fulfilled:
The document is a text file containing normal language texts and is not too short (>1000 characters long).
The first 128 characters at the beginning of the according cleartext document (this number can be adjusted in the dialog Analysis Options) are not too uniquely distributed (see histogram and entropy). This applies to most documents which are not compressed.
The key range, which has 2^128 and more possibilities with modern symmetric algorithms, can be cut down. So we make the assumption: Parts of the key are known, e.g. because the user did not choose the key by random, or because the attacker somehow got the knowledge, or because the random number generator does (by will) not use the full key range.
The key will always be found if the document fullfills the above requirements.