Learning Through Practice: Developing Cybersecurity Skills and Applying Artificial Intelligence in a Brute-force Attack Simulation
05/06/25
Why Learn About the Brute-force Method?
In today’s world of constant digital connectivity, the ability to understand and protect one’s digital identity has become an essential skill. The brute-force method—one of the simplest approaches to cracking passwords—offers a practical model for exploring the vulnerabilities of computer systems. As part of a structured project activity, students engaged with core cybersecurity concepts, explored how brute-force attacks work, and, through programming and the use of artificial intelligence tools, gained a deeper understanding of the security challenges in digital environments.
The primary goal of this project was to provide students with experiential learning about password vulnerabilities, help them understand the logic behind brute-force attacks, develop a Python program simulating this method, and strengthen their digital literacy through the application of AI tools for code analysis and optimization.
Experience Before Theory
The activity was carefully structured to enable students to progressively acquire knowledge through practical work, experiential learning, and collaborative engagement. The introductory task involved a hands-on experiment where students, working in pairs, attempted to unlock a physical padlock by applying the brute-force approach—systematically testing all possible four-digit combinations from 1 to 9. This tangible activity provided an immediate illustration of brute-force logic and encouraged discussions on problem-solving strategies and ways to optimize the number of attempts.
A Video That Raises Security Awareness
To enhance motivation and introduce the topic of cybersecurity, students were shown a short educational video titled “How to Protect Yourself from Brute-force Password Attacks“. The video was created using InVideo AI, a tool powered by artificial intelligence that generates visual content based on textual input. It simplifies video creation through an AI assistant that suggests scripts, visuals, and improvements, making it an effective resource for engaging students at the beginning of the activity.
Simulating the Attack Digitally
In the second part of the activity, students moved on to a digital simulation. With guided support, they developed a Python program that generates all possible combinations of characters to discover a given target password. Primary code: Basic Python script for brute-force password cracking.
After initial testing, the program was enhanced in several ways: expanding the character set (including numbers and symbols), adding execution time measurement via the time module, and implementing attempt tracking. Through experimentation, students observed how increasing the length and complexity of a password exponentially affects the time required to break it.
To improve and analyze their code, students used artificial intelligence-based tools. AI Python Tutor and AI Code Mentor allowed them to visualize code execution, track variable changes, and identify logical errors. By using these tools, they received personalized feedback, identified and corrected mistakes, and enhanced the structure and efficiency of their code. This process also contributed to a deeper understanding of programming logic and algorithmic design.
To further develop their algorithmic thinking, students worked on two tasks from the international Dabar informatics competition. Task “Connections” illustrated how brute-force methods require 512 attempts in certain logic-based problems and task “Sorting” demonstrated that brute-force becomes impractical when dealing with problems involving millions of combinations. These tasks highlighted the limitations of brute-force techniques and encouraged students to consider the value of more efficient algorithms and heuristic strategies.
Final Reflections: What Did We Learn?
Students were highly engaged throughout all stages of the activity, and their code demonstrated a clear understanding of the brute-force method’s core logic. Many of their programs were further optimized through the integration of extended character sets and time tracking, leading to rich discussions about the practical limitations of brute-force attacks in real-world security scenarios.
Artificial intelligence played a crucial role in extending their knowledge. Through interaction with AI tools, students were able to experiment, observe the effects of their changes in real time, and receive context-aware guidance on improving their code. This approach significantly boosted students’ confidence in programming and introduced them to real-world applications of AI in education and software development.
Through a structured and multi-layered project, students acquired skills in cybersecurity, programming, and artificial intelligence. The significance of this activity lies not only in the technical competencies gained but also in the increased awareness of digital risks. Students learned that password complexity greatly enhances protection against brute-force attacks and, through collaboration and practical application, developed specific recommendations for personal digital safety. This project affirmed that experiential learning—when combined with cutting-edge technologies like AI—can be a powerful approach in modern education and a key element in preparing students for the digital age.
Blog post by Sanja Pavlović Šijanović, Leading Teacher Croatia and Davor Šijanović, Gymnasium Vukovar
