What Is a Dictionary Attack?
A dictionary attack cracks a password or key by trying, one by one, the candidate passwords (words or phrases) in a user-defined dictionary. It differs from brute-force cracking in that brute force tries every possible combination of characters one by one, while a dictionary attack uses a predefined list of words (likely passwords).
Introduction to Dictionary Attack
- On a dark night with the moon high, a thief took a bunch of keys stolen from the warehouseman, slipped past the sentry, crept up to the warehouse, and looked at the big lock hanging on its gate. Obviously, the most direct method is to try the keys one by one until the lock opens, or until none of the keys works and nothing happens.
- For the thief this is mechanical and boring, and the longer it takes, the greater the danger of being caught. But such repetitive labor is well suited to computers. This method is the prototype of the "dictionary attack" in the field of network security.
- When a hacker trying to enter a target system is asked for a password he does not know (just as the thief above was not sure which key fit), he can use this method: load his preferred password set (which may contain tens of thousands of candidate passwords) into his program, which sends authentication requests to the target system one after another until a password is accepted, or until all the passwords have proved invalid, at which point the method is declared a failure and the intrusion ends (or he goes on to look for other weaknesses in the system).
- [Figure: dictionary attack diagram]
Key elements of dictionary attacks
- Analyzing the above scenario, a dictionary attack requires two elements:
- The hacker understands the authentication method (including the authentication protocol, address, port, etc.). A thief likewise needs to know where the warehouse is and whether the door carries a big copper lock, a combination lock, or even iris or fingerprint recognition. Bringing a bunch of metal keys to open a fingerprint lock is obviously unrealistic.
- The hacker has a relatively comprehensive password set, containing common weak passwords, password combinations that often appear on the target system, or password sets that have leaked from the target system. Only then are there more opportunities to try. A dictionary attack is usually time-consuming, especially if the target system's password is not a common one.
Dictionary Attack Prevention
- So how can the target system be improved to avoid the risk of intrusion from dictionary attacks?
- Make passwords more robust (sufficiently long and containing several character types: letters, numbers, symbols, etc.) and update them more frequently. This reduces the chance that a dictionary attack guesses them.
- Adopt a more effective intrusion detection mechanism against dictionary attacks. If a client frequently sends authentication requests to the system and fails, the system should promptly alert the administrator, initiate analysis and investigation, and change the passwords if necessary.
- Use more robust encryption algorithms and strategies, which make it difficult for conventional dictionary attacks to take effect.
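The alerting on repeated failed authentication requests described on this page, as an added example that is not part of the original page: a sliding-window detector that flags a client with too many failures in a short time and lists accounts that client later logged in to, which are the candidates for a password change. The log format, threshold, window and sample lines are assumptions constructed for illustration, and the log is assumed to be in chronological order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp client user result" format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.4 bob FAIL
2024-05-01T10:00:05 198.51.100.4 bob OK
2024-05-01T10:01:00 203.0.113.7 admin FAIL
2024-05-01T10:01:02 203.0.113.7 admin FAIL
2024-05-01T10:01:04 203.0.113.7 admin FAIL
2024-05-01T10:01:06 203.0.113.7 admin OK
2024-05-01T10:05:00 192.0.2.9 carol FAIL
2024-05-01T10:15:00 192.0.2.9 carol FAIL
2024-05-01T10:25:00 192.0.2.9 carol FAIL
"""

def detect_guessing(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Flag clients with max_failures failed logins inside the window, and
    accounts that such a client later logged in to (candidates for a reset)."""
    recent = defaultdict(deque)      # client -> timestamps of recent failures
    alerts = {}                      # client -> time the threshold was first reached
    reset_accounts = set()           # accounts a flagged client authenticated to
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines
        stamp, client, user, result = parts
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue                 # skip unparseable timestamps
        if result == "OK":
            if client in alerts:     # success after a burst: a guess may have worked
                reset_accounts.add(user)
            continue
        if result != "FAIL":
            continue
        failures = recent[client]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()       # drop failures older than the window
        if len(failures) >= max_failures:
            alerts.setdefault(client, stamp)
    return alerts, reset_accounts

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A single mistyped password (bob) and failures spread over many minutes (carol) stay below the threshold with the default window; widening the window trades fewer missed slow attempts for more false alerts.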