Will a Dictionary Attack Find Your Password?

January 26, 2011

As a personal protest against the whole password problem, many people use a word that’s easy to remember. According to some security experts, the most common words used are “password” and “password1.” Some people use a common date.

These are no match for a dictionary attack.

A dictionary attack successively tries every word in an exhaustive, pre-arranged list of values called a dictionary. Automated password-cracking tools can check more than a million password variations.

Passwords composed of random strings of upper and lower case letters, numbers and punctuation can usually withstand an attack, but they are hard to remember.

Some tactics that will create a difficult-to-break password that is easy to remember include:

* Two words connected by a number can withstand many attacks.

* Take the first letter of each word in a phrase and add a number or symbol and a capital letter. For “You have no chance”: Yhnc#72.

There is also a variant of the dictionary attack, called a hybrid dictionary attack, that increases the probability of success. In this case, the password cracker checks every word in the dictionary along with its variations, for example the same word with different digits added to it. A hybrid dictionary attack is noticeably slower than a plain dictionary attack. If the variations include words with two digits appended to them, the process is 100 times slower. With four digits appended, it can be 10,000 times slower.
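A password-change check that mirrors the hybrid variant described above, so that word-plus-digits choices are rejected before they are ever set. This is an added example, not code from the original post; the wordlist, function names and sample passwords are constructed for illustration.

```python
# Constructed sample wordlist; a real check would load a large list of common passwords.
WORDLIST = {"password", "chance", "horse", "table", "dragon"}
DIGITS = "0123456789"

def slowdown(digits: int) -> int:
    """Variations per dictionary word when exactly `digits` digits are appended."""
    return 10 ** digits

def hybrid_match(password: str, wordlist=WORDLIST, max_digits: int = 4):
    """Return (word, digits_appended) if `password` is a dictionary word with
    0..max_digits digits appended (case-insensitive), otherwise None."""
    base = password.rstrip(DIGITS)          # strip any trailing digits
    appended = len(password) - len(base)    # how many digits were stripped
    word = base.lower()
    if appended <= max_digits and word in wordlist:
        return word, appended
    return None

def review(password: str) -> str:
    """Human-readable verdict for a proposed password."""
    hit = hybrid_match(password)
    if hit is None:
        return "not found by word+digits search"
    word, appended = hit
    return (f"reject: '{word}' + {appended} digit(s), "
            f"at most {slowdown(appended)} tries per word")

if __name__ == "__main__":
    # Constructed candidates, including the two tactics suggested in the article.
    for candidate in ["password", "password1", "dragon2011", "horse7table", "Yhnc#72"]:
        print(f"{candidate:12} {review(candidate)}")
```

A pass here only means the single-word-plus-digits search misses the password; it says nothing about other variation rules a cracking tool may apply.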
