Dictionary Attack

A dictionary attack consists of trying "every word in the dictionary" as a possible password for an encrypted message.

A dictionary attack is generally more efficient than a brute force attack, because users typically choose poor passwords.

Dictionary attacks are generally far less successful against systems that use passphrases instead of passwords.

Improving Dictionary Attacks

There are two methods of improving the success of a dictionary attack.

The first method of improving the success of a dictionary attack is to use a larger dictionary, or more dictionaries. Technical dictionaries and foreign language dictionaries will increase the overall chance of discovering the correct password.

The second method of improving the success of a dictionary attack is to perform string manipulation on the dictionary. For example, the dictionary may have the word "password" in it. Common string manipulation techniques will try the word backwards (drowssap), with common number-letter replacements (p4ssw0rd), or with different capitalization (Password).
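The same three manipulations can be undone when a password is being chosen, so that a system rejects choices a manipulated wordlist would find. The following is an added example, not part of the original article; the sample wordlist, the replacement table and the function names are constructed for illustration.

```python
# Constructed sample; a real check would load a large wordlist from disk.
WORDLIST = frozenset({"password", "dragon", "michelle", "jessica"})

# Assumed table of common number-letter replacements, mapped back to letters.
_BASE = {"4": "a", "@": "a", "3": "e", "0": "o", "5": "s", "$": "s", "7": "t"}
# "1" and "!" are ambiguous (l or i), so both readings are tried.
# A candidate that mixes the two readings is not covered by this sketch.
_TABLES = [
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
]


def base_forms(candidate):
    """Yield each plain form the candidate could have been derived from."""
    lowered = candidate.lower()              # undoes capitalization changes
    for table in _TABLES:
        plain = lowered.translate(table)     # undoes number-letter replacements
        yield plain
        yield plain[::-1]                    # undoes writing the word backwards


def matched_word(candidate, wordlist=WORDLIST):
    """Return the wordlist entry the candidate reduces to, or None."""
    for form in base_forms(candidate):
        if form in wordlist:
            return form
    return None


def check_password(candidate, wordlist=WORDLIST):
    """Return (accepted, reason) for a proposed new password."""
    word = matched_word(candidate, wordlist)
    if word is not None:
        return False, f"simple variant of wordlist entry {word!r}"
    return True, "not a simple variant of any wordlist entry"


if __name__ == "__main__":
    samples = ["drowssap", "p4ssw0rd", "Password", "M1chelle",
               "correct horse battery staple"]
    for pw in samples:
        print(f"{pw!r}: {check_password(pw)}")
```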

Of course, very small dictionaries may lead to the fastest success if one or more of the targets is encrypted with a very weak password. A short list of girls' names can yield amazing results.

A dictionary of potential passwords is more accurately known as a wordlist.

If the dictionary attack fails...

If an extensive dictionary attack fails, it may be worthwhile to resort to a brute force attack. A brute force attack is more certain to achieve results eventually than a dictionary attack.
