HOME

TheInfoList



Click Here for Items Related To - Pre-computed Dictionary Attack
OR:
Pre-computed Dictionary Attack on:   [Wikipedia]   [Google]   [Amazon]

In
cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic sec ...
and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a
cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches.


Technique

A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words found in a dictionary (hence the phrase ''dictionary attack''); however, now there are much larger lists available on the open Internet containing hundreds of millions of passwords recovered from past data breaches. There is also cracking software that can use such lists and produce common variations, such as substituting numbers for similar-looking letters. A dictionary attack tries only those possibilities which are deemed most likely to succeed. Dictionary attacks often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords; or variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are often successful, since many commonly used password creation techniques are covered by the available lists, combined with cracking software pattern generation. A safer approach is to randomly generate a long password (15 letters or more) or a multiword passphrase, using a password manager program or manually typing a password.


Pre-computed dictionary attack/Rainbow table attack

It is possible to achieve a time–space tradeoff by
pre-computing In algorithms, precomputation is the act of performing an initial computation before run time to generate a lookup table that can be used by an algorithm to avoid repeated computation each time it is executed. Precomputation is often used in algo ...
a list of hashes of dictionary words and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but this allows the actual attack to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but now they are less of an issue because of the low cost of
disk storage Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by various electronic, magnetic, optical, or mechanical changes to a surface layer of one or more rotating disks. A disk drive is ...
. Pre-computed dictionary attacks are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary needs be generated only once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password. A more refined approach involves the use of
rainbow table A rainbow table is an efficient way to store data that has been computed in advance to facilitate cracking passwords. To protect stored passwords from compromise in case of a data breach, organizations avoid storing them directly, instead transfo ...
s, which reduce storage requirements at the cost of slightly longer lookup-times. ''See'' LM hash for an example of an authentication system compromised by such an attack. Pre-computed dictionary attacks, or "rainbow table attacks", can be thwarted by the use of salt, a technique that forces the hash dictionary to be recomputed for each password sought, making precomputation infeasible, provided that the number of possible salt values is large enough.


Dictionary attack software

*
Cain and Abel In the biblical Book of Genesis, Cain ''Qayīn'', in pausa ''Qāyīn''; gr, Κάϊν ''Káïn''; ar, قابيل/قايين, Qābīl / Qāyīn and Abel ''Heḇel'', in pausa ''Hāḇel''; gr, Ἅβελ ''Hábel''; ar, هابيل, Hāb� ...
* Crack * Aircrack-ng * John the Ripper * L0phtCrack * Metasploit Project * Ophcrack * Cryptool


See also

* Brute-force attack *E-mail address harvesting *
Intercontinental Dictionary Series The Intercontinental Dictionary Series (commonly abbreviated as IDS) is a large database of topical vocabulary lists in various world languages. The general editor of the database is Bernard Comrie of the Max Planck Institute for Evolutionary An ...
, an online linguistic database *
Key derivation function In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a crypto ...
* Key stretching *
Password cracking In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try ...
* Password strength


References


External links

* – Internet Security Glossary * – Internet Security Glossary, Version 2
US Secret Service use a distributed dictionary attack on suspect's password protecting encryption keysTesting for Brute Force (OWASP-AT-004)
{{Webarchive, url=https://web.archive.org/web/20200114052332/https://www.owasp.org/index.php/Testing_for_Brute_Force#Brute_force_Attacks , date=2020-01-14 Cryptographic attacks