A dictionary attack is a method of cryptanalysis that recovers an unknown password (or username) by trying the entries of a list of candidate passwords, often called a wordlist or dictionary. It is used when the password can be assumed to be a meaningful combination of characters, which experience shows is usually the case. The method is only promising if a large number of candidates can be tried in quick succession.
At its core, a dictionary attack is a type of brute-force attack that systematically attempts to guess passwords or encryption keys. Unlike traditional brute-force attacks that iterate through every possible combination of characters, dictionary attacks leverage dictionaries or wordlists containing common passwords, phrases, and variations thereof to speed up the guessing process.
Possible Targets of a Dictionary Attack
Targets are divided into active and passive attack objects. An active attack object is an instance that verifies the password and grants or denies access, as when logging in to a website. Against active attack objects the dictionary attack is severely limited: after a certain number of failed attempts, further attempts are usually blocked (similar to an ATM PIN, which may be entered incorrectly at most three times), and every attempt leaves traces in the server’s log files.
A passive attack object is an encrypted text. Here no verifying instance checks the password: because of the encryption method used, the correct password directly decrypts the text. The attacker can therefore try far more passwords in less time. The speed depends on the attacker’s software and hardware and on the encryption algorithm; even a well-equipped home computer can easily perform several hundred million computations per second.
The active vocabulary of a language is usually around 50,000 words, so the vocabularies of dozens of languages can be checked within a few seconds. A password consisting of only one or two words is therefore very insecure when it comes to encrypting texts.

Procedure
A special program tries the entries of the list as username or password. Two separate lists, one for usernames and one for passwords, can also be used; much more common, however, is a “combo list”, a combined list of usernames and passwords in the format username:password.
An example of such a program: https://github.com/npapernot/dictionary-attack
Pros & Cons
Typical passwords, especially names or dates of birth, are easy to find with this method. Its execution time also speaks in its favor: because far fewer passwords have to be tested, it is usually shorter than that of a plain brute-force attack.
The attacker relies on a good password list. By its nature, even the best list does not contain every possible password, so not every password can be found with this method; the chance of finding a password that is a meaningless string of characters is particularly small.
Countermeasures
The user’s only defense against a dictionary attack is not to use easy-to-guess passwords. To limit the impact of an attack, a user should use a unique password for each account, so that a password “cracked” on one site cannot be reused against others.
The user or admin should slow the attacker down so that trying many passwords takes as long as possible. As a rule, a delay is built into active attack objects after an incorrect password has been entered. The programmer must then make sure that the attacker can neither make several login attempts in parallel nor gain access to an equivalent passive attack object. For passive attack objects, i.e. when the attacker has downloaded the target’s data to their own hardware, a comparable delay is hard to achieve; a sensible option is to require longer passwords.
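The delay mechanism for active attack objects described above, as an added example that is not part of the original article: a small login verifier that doubles the waiting time after each failed attempt per account and serialises attempts on the same account with a lock, so parallel guesses cannot sidestep the delay. The credential store, the `LoginThrottle` class, its `attempt` method and the demo passwords are all constructed for this illustration; the clock is passed in as a parameter so the behaviour can be checked without actually sleeping.

```python
import hashlib
import hmac
import os
import threading

# Work factor for the password hash (PBKDF2-HMAC-SHA256); an assumption for the demo.
_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated password hash, so a stolen store is a slow passive target."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_store(credentials: dict) -> dict:
    """Constructed credential store: username -> (salt, derived hash)."""
    store = {}
    for user, pw in credentials.items():
        salt = os.urandom(16)
        store[user] = (salt, _derive(pw, salt))
    return store


class LoginThrottle:
    """Verifies logins and delays retries per account after each failure.

    After the n-th consecutive failure the account must wait
    base_delay * 2**(n-1) seconds (capped at max_delay) before another
    attempt is even evaluated.  A per-account lock serialises concurrent
    attempts, which is the "no parallel login attempts" requirement.
    """

    def __init__(self, store: dict, base_delay: float = 1.0, max_delay: float = 60.0):
        self._store = store
        self._base = base_delay
        self._max = max_delay
        self._state = {}            # user -> [consecutive failures, earliest next attempt]
        self._locks = {}            # user -> threading.Lock
        self._locks_guard = threading.Lock()

    def _lock_for(self, user: str) -> threading.Lock:
        with self._locks_guard:
            return self._locks.setdefault(user, threading.Lock())

    def attempt(self, user: str, password: str, now: float) -> str:
        """Return 'ok', 'bad_password' or 'throttled'; `now` is a monotonic timestamp."""
        with self._lock_for(user):
            failures, not_before = self._state.get(user, [0, 0.0])
            if now < not_before:
                return "throttled"          # rejected without even hashing
            record = self._store.get(user)
            # Run the KDF for unknown usernames too, so response time does not
            # reveal whether the account exists.
            salt, expected = record if record else (b"\0" * 16, b"")
            candidate = _derive(password, salt)
            if record and hmac.compare_digest(candidate, expected):
                self._state.pop(user, None)  # success clears the backoff
                return "ok"
            failures += 1
            delay = min(self._base * 2 ** (failures - 1), self._max)
            self._state[user] = [failures, now + delay]
            return "bad_password"

    def failures(self, user: str) -> int:
        """Consecutive failed attempts currently recorded for `user`."""
        return self._state.get(user, [0, 0.0])[0]


if __name__ == "__main__":
    throttle = LoginThrottle(make_store({"alice": "correct horse"}), base_delay=1.0)
    print(throttle.attempt("alice", "wrong", now=0.0))            # bad_password
    print(throttle.attempt("alice", "correct horse", now=0.5))    # throttled
    print(throttle.attempt("alice", "correct horse", now=1.0))    # ok
```

The throttled branch returns before any hashing, so a flood of guesses costs the server almost nothing while each guess still costs the attacker real wall-clock time; the success path resets the counter so a legitimate user who mistypes once is not locked out.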
Users’ passwords should not be stored in plain text; usually only the hash of the password is stored. If an attacker gets hold of this file, the stored hashes are initially of no direct use to him.
To prevent the use of ready-made tables mapping a hash value to its original word (e.g. so-called rainbow tables), the password is usually extended with a random value, the so-called salt, before hashing; the salt is stored next to the hash. In addition, computing the hash can be deliberately slowed, for example by an iterative method with many hash rounds, such that the legitimate user entering the (correct) password once notices no significant delay, while a dictionary attack becomes considerably more expensive. Special password hash functions such as Argon2 exist for this purpose.
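The effect of salting and iterated hashing, as an added example that is not part of the original article: a precomputed hash-to-word table (the idea behind rainbow tables) recovers an unsalted SHA-256 password with a single lookup, while a salted PBKDF2 value cannot be looked up at all and each candidate from the wordlist must be re-derived at the full iteration count. The five-entry `WORDLIST`, the function names and the iteration counts are constructed for this demonstration; Argon2 is not in the standard library, so PBKDF2-HMAC from `hashlib` stands in for the iterative password hash.

```python
import hashlib
import os

# Constructed stand-in for a real dictionary; real wordlists hold millions of entries.
WORDLIST = ["123456", "password", "letmein", "summer2019", "dragon"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> word once; this is the rainbow-table idea in its simplest form."""
    return {unsalted_hash(w): w for w in words}


def lookup_unsalted(stored_hash: str, table: dict):
    """Recovers an unsalted password with one dictionary lookup (or None)."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated hash: output depends on the salt and costs `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_password(password: str, iterations: int = 200_000):
    """What a server keeps: a fresh random salt next to the derived value."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt, iterations)


def lookup_salted(stored: bytes, table: dict):
    """The precomputed table never matches a salted value, whatever the password was."""
    return table.get(stored.hex())


def kdf_calls_to_find(wordlist, salt: bytes, stored: bytes, iterations: int):
    """Number of full KDF evaluations needed to match `stored` from `wordlist`,
    i.e. the attacker's cost per stored record; None if the word is not listed."""
    for count, word in enumerate(wordlist, start=1):
        if salted_hash(word, salt, iterations) == stored:
            return count
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(lookup_unsalted(unsalted_hash("letmein"), table))   # letmein, one lookup
    salt, stored = store_password("letmein", iterations=20_000)
    print(lookup_salted(stored, table))                       # None
    print(kdf_calls_to_find(WORDLIST, salt, stored, 20_000))  # 3, each 20,000 rounds
```

Two users with the same password get different stored values because each has its own salt, so the work in `kdf_calls_to_find` has to be repeated per record rather than once for the whole file; raising the iteration count (or using a memory-hard function such as Argon2) multiplies that per-record cost while the legitimate login pays it only once.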