Brute Force and Dictionary Attacks

Brute force and dictionary attacks are usually presented together because they target the same thing: passwords. Either kind of attack can be waged against a password database file or against an active logon prompt.

A brute force attack is an attempt to find passwords for user accounts by systematically trying every possible combination of letters, numbers, and symbols. With the speed of current computers and the ability to use distributed computing, brute force attacks are becoming successful even against strong passwords.

With enough time, any password can be discovered using a brute force attack. Most passwords of 14 characters or less can be found within 7 days on a fast system using a brute force attack program against a captured password database file (the exact time it takes to find passwords depends on the encryption algorithm used to encrypt them).

A dictionary attack is an attempt to find passwords by trying every password from a predefined list of common or expected passwords. This kind of attack is so named because the list of possible passwords is so long that it is as if you were using the complete dictionary, one word at a time, to find passwords.

Dictionary attacks are usually successful because people predictably choose passwords based on personal experiences.
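
The following Python sketch is an added example, not part of the original article: a defender-side password audit showing that length and character variety raise the cost of exhaustive search but do nothing for a password derived from a dictionary word. The wordlist, guess rates, and 365-day threshold are constructed assumptions.

```python
import string

# Constructed sample wordlist; a real audit would load a large common-password list.
WORDLIST = {"password", "letmein", "dragon", "summer", "liverpool"}
# Assumed offline guess rates (guesses/second) against a captured database.
# Illustrative only: the real rate depends on the algorithm protecting it.
ASSUMED_RATES = {"fast_hash": 1e10, "slow_kdf": 1e4}
MIN_DAYS = 365  # assumed policy threshold for exhaustive search at the fast rate
LEET = str.maketrans("0134578@$!", "oieastbasi")  # common character swaps


def charset_size(pw: str) -> int:
    """Size of the smallest standard character pool that covers pw."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in pw)) or 1


def exhaustive_days(pw: str, rate: float) -> float:
    """Days to try every string of pw's length over its character pool."""
    return charset_size(pw) ** len(pw) / rate / 86400


def dictionary_base(pw: str):
    """Return the wordlist entry pw is derived from, or None."""
    # Undo the predictable decorations: case, trailing digits/symbols, leet swaps.
    core = pw.lower().rstrip(string.digits + string.punctuation)
    for candidate in (pw.lower(), core, core.translate(LEET)):
        if candidate in WORDLIST:
            return candidate
    return None


def audit(pw: str) -> str:
    """Classify a candidate password against both attack types."""
    if dictionary_base(pw):
        return "reject: dictionary-derived"
    if exhaustive_days(pw, ASSUMED_RATES["fast_hash"]) < MIN_DAYS:
        return "reject: exhaustible"
    return "ok"


if __name__ == "__main__":
    for pw in ("dragon", "P@ssw0rd2024!", "xqvtkrzw", "kq7#Vm2x!Lp9"):
        days = exhaustive_days(pw, ASSUMED_RATES["fast_hash"])
        print(f"{pw!r:18} {days:12.3g} days  {audit(pw)}")
```

"P@ssw0rd2024!" is the instructive case: exhaustive search over its 13 characters is far out of reach at either assumed rate, yet it is rejected because it reduces to a wordlist entry.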
