I was thinking about using the word brute-forceable to describe something that is able to be brute-forced. I know that brute-force is a verb, and that certain verbs, such as bear or break can be transformed into adjectives like bearable respectively breakable.
And even though I was able to find the word enforceable, I did not find the word forceable.
Question: Can I use brute-forceable? Or does that not make any sense?
Brute-forceable is not in the dictionaries, but, as is noted in the comments by @JanusBahsJacquet, its meaning would be immediately apparent and the word is correctly formed. (That you’re using the word at all implies a context where the reader knows and understands what brute forcing is, so that aspect of things isn’t at issue.)
What’s more, people do actually use brute-forceable.
For example, in a recent answer on Security SE:
Mathematically, AES-256 is harder to crack than AES-128 when used with appropriate key derivation and password generation. Although in practice, 128-bit is already practically not brute forceable, so in practice using more than 128-bit passwords is overkill for most situations.
And in an 2017 article on The Register:
Users might have set PINs, but the console’s helpful there as well: Netspi reckons the number of false attempts in the “reset PIN” function isn’t limited, so it’s brute-forceable. Lovely.
Or, from 2015, in the comments on Ycombinator:
If you store passwords as:
bcrypt(bcrypt(password, salt), pepper)
then you spend a lot of cycles bcrypting your long, random key, which is pointless (it should
already be long enough to be un-brute-forceable), and you lose the
ability to rotate keys or ever stop using this scheme in the future.
It could be argued that these quotes may not be from the most formal of sources (and the writing is at least questionable in the Security SE answer quoted), so I’ve added some further quotes I found with a Google Scholar search:
DES is an antiquated symmetric block cipher standard which relies on 56 bit keys, easily brute forceable with modern hardware.
Wang, Michelle, Matthew Furtney, Andrew Hyer, and Michael Xu. “Keys Under the Welcome Mat 6.857 Final Project Report.” (2014).
They found that many of the vehicle IoT devices do not have adequate
security and often use easily brute forceable pin numbers as authenticator…
Walter, Charles, Matthew L. Hale, and Rose F. Gamble. “Imposing security awareness on wearables.” In Proceedings of the 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems, pp. 29-35. ACM, 2016.
Therefore, the minimum length Lmin of non brute-forceable
passwords can be estimated as:
Lmin =log (NoGMax*TMax)
Hingmire, Amruta, and Sinju Saliya. “A Multimodal Metric for Password Strength Estimation.”
(Emphasis in the quotes has been added throughout.)
Brute-forceable clearly fulfils a need, helping to make sentences a little less complex and easier to parse, and it is a natural formation, as is evidenced by its multiple occurrences in the wild without any reference dictionary entry.
In summary, people use brute-forceable, it makes complete sense as a word formation, and its meaning is abundantly clear: it doesn’t need to be in a dictionary for you to use it with confidence. Have at it!
P.S. You say you were not able to find forceable listed as a word; forceable does, in fact, appear in some dictionaries, although this is not altogether helpful.
Without giving any particular definition, Collins lists forceable as a derived adjectival form of force, as does Dictionary.com. However, Merriam-Webster cross-references forceable with forcible – meaning effected by force, not capable of being forced – and through its example sentences Dictionary.com makes clear that forceable can, at least, be used in this same unhelpfully violent sense.
However, I wouldn’t worry about any possible confusion with forcible as the context makes it entirely clear that it’s brute forcing and being-able-to-be-brute-forced you are referring to.