|
  |
|
|
What is a Dictionary Attack
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words in a dictionary, or are simple variations that are easy to predict, such as appending a single digit to a word. Dictionary attacks may be applied in two main situations: * in cryptanalysis, in trying to determine the decryption key for a given piece of ciphertext;
* in computer security, in trying to circumvent an authentication mechanism for accessing a computer system by guessing passwords. In the latter case, the effect of a dictionary attack can be greatly reduced by limiting the number of authentication attempts that can be performed each minute, and even blocking further attempts after a threshold of failed authentication attempts is reached. Generally, 6 attempts is considered sufficient to cope with mistakes made by legitimate users; beyond that, one can safely assume that the user is a malicious attacker. However many systems store a hashed version of the password and make it available under certain circumstances, such as a challenge-response authentication exchange between two parties. If an attacker can obtain the hashed password, they can test guessed passwords rapidly, often at a rate of tens or hundreds of millions of guesses per second. The rate of guessing can be sharply reduced by using a key derivation function that is computationally intensive, such as PBKDF2. Since users often choose easily guessed passwords, this has historically succeeded more than 2 times out of 10 when a reasonably large list is used. Lists of commonly selected passwords are widely available on the Internet as are dictionaries for most human languages (even those no longer used), meaning even the use of foreign words has limited value in preventing dictionary attacks. Spammers often use a form of dictionary attack, sometimes known as a Directory Harvest Attack, for e-mail address harvesting. For example, a spammer may try sending messages to adam@example.com, barbara@example.com, carl@example.com, etc. Any addresses to which messages are delivered, as opposed to being bounced back, can be added to the spammer’s list of known-valid addresses. |
|
 |
|
No reactions yet.
Please login or sign up to rate this intel.
The copyright for this content entitled "What is a Dictionary Attack" has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.
|
|
May, 2012
2008
January, February, March, April, May, June, July, August, September, October, November, December
2009
January, February, March, April, May, June, July, August, September, October, November, December
2010
January, February, March, April, May, June, July, August, September, October, November, December
2011
January, February, March, April, May, June, July, August, September, October, November, December
2012
January, February, March, April, May
|
|
Not a member yet?
Qondio is a powerful network for making it online. If you have a website to
promote, we can help.
Sign up and get in on the action.
|
|
Welcome to Qondio! Discover the awesome power this network can deliver by going to our About page. Or you could skip straight to the Sign Up form.
|
|
