Editing Dictionary attack

{{short description|Technique for defeating password protection using lists of likely possibilities}}
{{More citations needed|date=February 2018}}

In [[cryptanalysis]] and [[computer security]], a '''dictionary attack''' is an attack using a restricted subset of a keyspace to defeat a [[cipher]] or authentication mechanism by trying to determine its decryption key or [[passphrase]], sometimes trying thousands or millions of likely possibilities<ref>{{Cite journal|last1=Junghyun Nam|last2=Juryon Paik|last3=Hyun-kyu Kang|last4=Ung Kim|last5=Dongho Won|date=2009-03-01|title=An off-line dictionary attack on a simple three-party key exchange protocol|url=https://ieeexplore.ieee.org/document/4799025|journal=IEEE Communications Letters|volume=13|issue=3|pages=205–207|doi=10.1109/LCOMM.2009.081609|issn=1089-7798|url-access=subscription}}</ref> often obtained from lists of past security breaches.

==Technique==
A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words found in a dictionary (hence the phrase ''dictionary attack'');<ref>
Jeff Atwood.
[https://blog.codinghorror.com/dictionary-attacks-101/ "Dictionary Attacks 101"].
</ref> however, now there are much larger lists available on the open Internet containing hundreds of millions of passwords recovered from past data breaches.<ref>[https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm CrackStation's list]. e.g., with over 1.4 billion words.</ref> There is also cracking software that can use such lists and produce common variations, such as [[leet | substituting numbers for similar-looking letters]]. A dictionary attack tries only those possibilities which are deemed most likely to succeed. Dictionary attacks often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords; or variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are often successful, since many commonly used password creation techniques are covered by the available lists, combined with cracking software pattern generation. A safer approach is to randomly generate a long password (15 letters or more) or a multiword [[passphrase]], using a [[password manager]] program or manually typing a password.

Dictionary attacks can be deterred by the server administrator by using a more computationally expensive hashing algorithm. [[Bcrypt]], [[scrypt]], and [[Argon2]] are examples of such resource intensive functions that require significant computational power to process,<ref>{{Cite web |title=Key Stretching Algorithms: Basics, Algorithms & Techniques |url=https://bootcampsecurity.com/blog/key-stretching-algorithms-basics-algorithms-techniques/ |website=Bootcamp Security|date=29 September 2024 }}</ref> allowing for large improvements in security against dictionary attacks. While other hashing functions, such as [[Secure Hash Algorithms|SHA]] and [[MD5]], are much faster and less expensive to compute, they can still be strengthened by being applied multiple times to an input string through a process called [[key stretching]]. An attacker would have to know approximately how many times the function was applied for a dictionary attack to be feasible.

==Pre-computed dictionary attack/Rainbow table attack==
It is possible to achieve a [[time–space tradeoff]] by [[pre-computing]] a list of [[Cryptographic hash function|hashes]] of dictionary words and storing these in a database using the hash as the [[Unique key|key]]. This requires a considerable amount of preparation time, but this allows the actual attack to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but now they are less of an issue because of the low cost of [[disk storage]]. Pre-computed dictionary attacks are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary needs be generated only once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password. A more refined approach involves the use of [[rainbow table]]s, which reduce storage requirements at the cost of slightly longer lookup-times. ''See'' [[LM hash]] for an example of an [[Authentication protocol|authentication system]] compromised by such an attack.

Pre-computed dictionary attacks, or "rainbow table attacks", can be thwarted by the use of [[Salt (cryptography)|salt]], a technique that forces the hash dictionary to be recomputed for each password sought, making [[precomputation]] infeasible, provided that the number of possible salt values is large enough.<ref>{{Cite web|title=CAPEC - CAPEC-55: Rainbow Table Password Cracking (Version 3.5)|url=https://capec.mitre.org/data/definitions/55.html|access-date=2021-09-12|website=capec.mitre.org}}</ref>

==Dictionary attack software==
*[[Cain and Abel (software)|Cain and Abel]]
*[[Crack (password software)|Crack]]
*[[Aircrack-ng]]
*[[John the Ripper]]
*[[Hashcat]]
*[[L0phtCrack]]
*[[Metasploit Project]]
*[[Ophcrack]]
*[[Cryptool]]

==See also==
*[[Brute-force attack]]
*E-mail address harvesting
*[[Intercontinental Dictionary Series]], an online linguistic database
*[[Key derivation function]]
*[[Key stretching]]
*[[Password cracking]]
*[[Password strength]]

==References==
{{Reflist}}

==External links==
{{Wiktionary}}

*{{IETF RFC|2828|link=no}} – Internet Security Glossary
*{{IETF RFC|4949|link=no}} – Internet Security Glossary, Version 2
*[https://www.washingtonpost.com/wp-dyn/articles/A6098-2005Mar28.html US Secret Service use a distributed dictionary attack on suspect's password protecting encryption keys]
*[http://www.owasp.org/index.php/Testing_for_Brute_Force#Brute_force_Attacks Testing for Brute Force (OWASP-AT-004)] {{Webarchive|url=https://web.archive.org/web/20200114052332/https://www.owasp.org/index.php/Testing_for_Brute_Force#Brute_force_Attacks|date=2020-01-14}}

[[Category:Cryptographic attacks]]