This intel has been classified as Existing Authored Content, which means it was authored by the contributor, and first appeared on the contributor's blog or website.
What is a Dictionary Attack
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities which are most likely to succeed, typically derived from a list of words in a dictionary.

Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words in a dictionary, or simple variations that are easy to predict, such as appending a single digit to a word.

Dictionary attacks may be applied in two main situations:

* in cryptanalysis, in trying to determine the decryption key for a given piece of ciphertext;
* in computer security, in trying to circumvent an authentication mechanism for accessing a computer system by guessing passwords.

In the latter case, the effect of a dictionary attack can be greatly reduced by limiting the number of authentication attempts that can be performed each minute, and even blocking further attempts after a threshold of failed authentication attempts is reached. Generally, 6 attempts is considered sufficient to cope with mistakes made by legitimate users; beyond that, one can safely assume that the user is a malicious attacker.

However, many systems store a hashed version of the password and make it available under certain circumstances, such as a challenge-response authentication exchange between two parties. If an attacker can obtain the hashed password, they can test guessed passwords rapidly, often at a rate of tens or hundreds of millions of guesses per second. The rate of guessing can be sharply reduced by using a key derivation function that is computationally intensive, such as PBKDF2.
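The two defences described above, combined in one added example that is not part of the original page: passwords are stored as salted PBKDF2 keys, and an account is blocked once 6 failed attempts have been recorded. The names LoginGuard and hash_password, the 15-minute lockout and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 6            # threshold named in the text above
LOCKOUT_SECONDS = 15 * 60   # assumed lockout duration
ITERATIONS = 600_000        # assumed PBKDF2 work factor; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Derive a slow, salted key to store in place of the password."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


class LoginGuard:
    """Verifies passwords and blocks an account after MAX_FAILURES failures."""

    def __init__(self, clock=time.monotonic, iterations=ITERATIONS):
        self._clock, self._iterations = clock, iterations
        self._users = {}     # username -> (salt, iterations, key)
        self._failures = {}  # username -> (count, time of last failure)
        # Dummy record so unknown usernames cost the same time as real ones.
        self._dummy = hash_password(os.urandom(16).hex(), iterations=iterations)

    def register(self, username, password):
        self._users[username] = hash_password(password, iterations=self._iterations)

    def _locked(self, username):
        count, last = self._failures.get(username, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self._clock() - last < LOCKOUT_SECONDS:
            return True
        del self._failures[username]  # lockout expired, start counting again
        return False

    def login(self, username, password):
        if self._locked(username):
            return "locked"  # refuse without evaluating the guess at all
        salt, iterations, key = self._users.get(username, self._dummy)
        guess = hash_password(password, salt, iterations)[2]
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(guess, key) and username in self._users:
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, (0, 0.0))[0]
        self._failures[username] = (count + 1, self._clock())
        return "denied"
```

Once the account is locked, even the correct password is refused until the lockout expires, so guesses made during the lockout reveal nothing.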
Since users often choose easily guessed passwords, dictionary attacks have historically succeeded more than 2 times out of 10 when a reasonably large list is used. Lists of commonly selected passwords are widely available on the Internet, as are dictionaries for most human languages (even those no longer used), meaning even the use of foreign words has limited value in preventing dictionary attacks.

Spammers often use a form of dictionary attack, sometimes known as a Directory Harvest Attack, for e-mail address harvesting. For example, a spammer may try sending messages to adam@example.com, barbara@example.com, carl@example.com, etc. Any addresses to which messages are delivered, as opposed to being bounced back, can be added to the spammer's list of known-valid addresses.
Copyright Notice: All Rights Reserved.
Added by zanzistor on March 31, 6:14 PM.