Dictionary attack
As a dictionary attack ( Engl. Dictionary attack , fr. Attaque par dictionnaire ) refers to the method of cryptanalysis , an unknown password (or username) using a password list (often word list or called dictionary) to be determined.
You use this method when you can assume that the password consists of a meaningful combination of characters. Experience has shown that this is usually the case. This procedure is only promising if as many passwords as possible can be tried out in quick succession.
Possible targets
A distinction is made between active and passive attack objects:
An active target is an entity that checks the correctness of the password and grants or denies access. This is the case, for example, when logging into a website. In the case of active attack objects, the possibilities of the dictionary attack are very limited, since after a certain number of unsuccessful attempts, any further attempt is often prevented (similar to the PIN at the ATM, which can be entered incorrectly a maximum of three times). The attacker also leaves traces in the server's log files.
A passive target is an encrypted text. Here the password is not checked by an instance. The correct password leads directly to the decryption of the text due to the encryption method used. The attacker can try out considerably more passwords in less time. The speed depends on the software and hardware used by the attacker as well as on the encryption algorithm used. Even on well-equipped home computers, several hundred million arithmetic operations per second can easily be carried out. The fastest supercomputer even manages 33.862 quadrillion arithmetic operations per second (as of November 2013).
The active vocabulary of a language is typically 50,000 words. Dozens of languages can thus be checked within a few seconds. A password that only consists of one or two words is therefore very insecure when encrypting texts.
Procedure
Using a special program, the entries in the password list are tried out as a user name or password. It is also possible to use two separate lists for user name and password. Much more common, however, is the use of a “combo list”, a combined list of user name and password in the format “user name: password”. Common programs for automatically testing passwords are John the Ripper and Cain & Abel .
advantages
The typical passwords (especially names or dates of birth) are particularly easy to find with this method. The duration of the execution, which is usually shorter than that of the brute force method , for example due to the smaller number of passwords to be tested , speaks in favor of using this method.
disadvantage
With this method, an attacker relies on a good list of passwords. Since naturally even the best list does not contain all possible passwords, this method cannot find every password. The chance of finding passwords consisting of meaningless strings of characters is particularly small.
Countermeasures
The user's only defense against a dictionary attack is not to use easily guessable passwords. One method of creating passwords with guaranteed entropy is diceware .
To mitigate the effects of an attack, a user should have a separate password for each user account. This means that a password from a "cracked" site cannot be used by others.
The provider should try to slow down the attacker so that he needs as long as possible to try out many passwords. As a rule, a waiting loop is installed for active attack objects after entering an incorrect password. Here, however, the programmer has to ensure that the attacker cannot make several login attempts in parallel or gain access to equivalent passive attack objects. A comparable delay is difficult to achieve with passive targets. A sensible variant is to extend the required password length.
User passwords should not be stored in clear text. Usually only the hash of the password is saved. If an attacker succeeds in gaining possession of this file, he or she cannot do anything with the hashes stored there. He must use the procedure described above under “passive attack objects” by hashing the entries in a dictionary individually and comparing the result with the encrypted password. So that no finished lists with hash value → original word can be used for this, the password is usually extended by a random value, the so-called salt , before hashing . The random value is saved next to the hash.