- Dictionary attack
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.
A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack) or a bible etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.
Pre-computed dictionary attack
It is possible to achieve a time-space tradeoff by pre-computing a list of hashes of dictionary words, and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but allows the actual attack to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but are less of an issue today because of the low cost of disk storage. Pre-computed dictionary attacks are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary need only be generated once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password. A more refined approach involves the use of rainbow tables, which reduce storage requirements at the cost of slightly longer lookup times. See LM hash for an example of an authentication system compromised by such an attack.
Pre-computed dictionary attacks can be thwarted by the use of salt, a technique that forces the hash dictionary to be recomputed for each password sought, making precomputation infeasible provided the number of possible salt values is large enough.
- Password cracking
- Password strength
- Key derivation function
- Key stretching
- E-mail address harvesting
Well known examples of dictionary attack software tools:
- Cain and Abel
- Crack by Alec Muffett
- John the Ripper
- Metasploit Project
- THC Hydra
- RFC 2828 – Internet Security Glossary
- RFC 4949 – Internet Security Glossary, Version 2
- RSA BSAFE Crypto-C Glossary
- US Secret Service use a distributed dictionary attack on suspect's password protecting encryption keys
- Library with several attack Dictionaries
- Testing for Brute Force (OWASP-AT-004)
- Dictionary attack on several leaked accounts and access to comprehensive wordlist
Wikimedia Foundation. 2010.
Look at other dictionaries:
Dictionary Attack — Als einen Wörterbuchangriff (engl. dictionary attack, frz. attaque par dictionnaire) bezeichnet man die Methode der Kryptoanalyse, ein unbekanntes Passwort (oder Benutzernamen) mit Hilfe einer Passwörterliste (oft auch wordlist oder dictionary… … Deutsch Wikipedia
dictionary attack — An attack by an intruder that checks passwords in a password file against a list of words likely to be used as passwords. Some versions of this attack check the entire language lexicon. See also brute force attack; denial of service attack; … Dictionary of networking
dictionary attack — noun An attack that uses a list of words (from a dictionary) to try and guess passwords or decryption keys … Wiktionary
dictionary attack — … Useful english dictionary
Dictionary (disambiguation) — A dictionary is a list of words and their meanings. Dictionary may also refer to: Biographical dictionary Encyclopedic dictionary, sometimes titled Dictionary of... for example Data dictionary, a set of metadata that contains definitions and… … Wikipedia
Dictionary Hacking — Als einen Wörterbuchangriff (engl. dictionary attack, frz. attaque par dictionnaire) bezeichnet man die Methode der Kryptoanalyse, ein unbekanntes Passwort (oder Benutzernamen) mit Hilfe einer Passwörterliste (oft auch wordlist oder dictionary… … Deutsch Wikipedia
attack — An attempt to circumvent the security measuresin place on a network either to gain unauthorized access to the system or to force a denial of service. See also brute force attack; dictionary attack; social engineering … Dictionary of networking
dictionary attacker — noun A person or bot that carries out a dictionary attack … Wiktionary
Attack therapy — is a controversial type of psychotherapy evolved from ventilation therapy. It involves highly confrontational interaction between the patient and a therapist, or between the patient and fellow patients during group therapy, in which the patient… … Wikipedia
Attack on Pearl Harbor — Part of the Pacific Theater of World War II … Wikipedia