Dictionary attack

From TheAlmightyGuru
Revision as of 17:09, 13 October 2017 by TheAlmightyGuru (talk | contribs) (Created page with "A '''''dictionary attack''''' is form of lookup attack used to crack passwords even when the passwords have been sent through a hash function. The attack is conducted by first...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

A dictionary attack is form of lookup attack used to crack passwords even when the passwords have been sent through a hash function. The attack is conducted by first obtaining hashed passwords, then comparing the hash against a dictionary (a table of popular passwords that have already been hashed using the same function). For example, in the table below, some commonly used passwords have been sent through an MD5 hash function. Even though you can't reverse the hash to derive the original password, you can compare the hash in the dictionary against the hash from the password file to determine the password.

Password MD5 Hash
abc123 E99A18C428CB38D5F260853678922E03
admin 21232F297A57A5A743894A0E4A801FC3
god A4757D7419FF3B48E92E90596F0E7548
password 5F4DCC3B5AA765D61D8327DEB882CF99
password1 7C6A180B36896A0A8C02787EEAFB0E4C
secret 5EBE2294ECD0E0F08EAB7690D2A6EE69

Note that MD5 is not a cryptographically secure hash function and should never be used to store password.

Dictionary attacks are made more difficult to use if the hash function employs a salt value, but the if the salt value is discovered, the dictionary can be regenerated with the same salt.

Links