Talk:Dictionary attack

From Wikipedia, the free encyclopedia

decoller le culot


There is a practice often used by non-English speakers to avoid dictionary attacks: as many applications take ASCII as input, one would simply "see" the keyboard in a non-English layout and type a non-English "dictionary" word on an English keyboard. For example, the word "love" translated into Thai would be "ความรัก"; by typing the Thai word with an American keyboard layout, one's password would be "8;k,iyd".


Should this information be included in the article? Currently the article says "Dictionaries for most human languages (even those no longer used) are easily accessible on the Internet, meaning even the use of foreign words is practically useless in preventing dictionary attacks." It leads the reader to believe that a dictionary attack is always possible if the user uses a "dictionary" word in any language. underexpose 06:05, 13 July 2006 (UTC)



Was it the German word eins or the string eins that the Enigma researchers fixed on? The word means "one" or "one thing", but the string is in many many German words. Ortolan88

The impression I received from British accounts was that the word was most important. GABaker

Yes, it was the word eins that was so very important. This is because the Enigma machine didn't have numerals on the keyboard, so all numbers had to be spelled out. Throbbing_Monster_Cock


I've just noticed the claim about eins as a crib used at BP against Enigma traffic. While every credible reference I've seen on BP/Enigma has mentioned this and so it's certainly worth mentioning, I have another thought altogether. Is this an instance of a dictionary attack at all?

At first thought (subject to revision on second thought), a dictionary attack is the repeated trying of possibilities by running through some previously prepared list (unrelated except accidentally by the choice of some user (a password, etc)) against some needed access value (eg, an encrypted password). Thus, with original Unix password files, the encrypted password+salt is stored in clear, and 'everyone' knows the encryption technique, so all depends (in accordance with Shannon's Maxim that the enemy knows the system) on the secrecy of the password. If that word is in some list (eg, a dictionary), then each item in the list can be tried in turn.

That's not what's happening in the eins case. Is this a dictionary attack? ww 14:37, 1 May 2004 (UTC)

I think it's a "probable word" attack, rather than a dictionary attack. — Matt 09:58, 2 May 2004 (UTC)
Matt, Agreed. It's a variant of known plaintext attack. ww 16:57, 2 May 2004 (UTC)

Pre-computed dictionary attack

Clarification needed: the sentence, 'This requires a considerable amount of preparation time, but makes the actual attack almost instantaneous,' does not agree with the earlier statement, 'the effect of a dictionary attack can be greatly reduced by limiting the number of authentication attempts that can be performed each minute, and even blocking further attempts after a threshold of failed authentication attempts is reached'.

If a 'small' number of attempts can be made in a given time interval, or a limited number of attempts can be made before further attempts are blocked, at least one of which is standard practice in most logon situations, it is not also possible for the actual attack to be 'almost instantaneous'. Some qualification is required about the circumstances in which a pre-computed dictionary attack adds any value to the attacker.
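
An added example (not part of the original discussion or of the article) that puts the two settings compared above side by side: a pre-computed table looked up against a leaked digest, and the same wordlist replayed through a throttled login. The wordlist, function names, lockout threshold and KDF iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "eins", "dragon"]  # constructed sample list

def unsalted(pw):
    """Fast unsalted digest: the storage scheme a precomputed table targets."""
    return hashlib.sha256(pw.encode()).hexdigest()

def salted(pw, salt):
    """Per-user salt plus a slow KDF (iteration count chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000).hex()

def build_table(words):
    """Preparation phase: every word is hashed once, indexed by digest."""
    return {unsalted(w): w for w in words}

def offline_lookup(table, leaked_digest):
    """Against a leaked digest: one dictionary lookup, no login attempts made."""
    return table.get(leaked_digest)

class ThrottledLogin:
    """Online verifier that locks the account after max_failures bad guesses."""
    def __init__(self, password, max_failures=3):
        self.salt = os.urandom(16)
        self.stored = salted(password, self.salt)
        self.failures = 0
        self.max_failures = max_failures

    def attempt(self, guess):
        if self.failures >= self.max_failures:
            return "locked"
        if hmac.compare_digest(salted(guess, self.salt), self.stored):
            return "ok"
        self.failures += 1
        return "denied"

def online_guessing(login, words):
    """Replay the wordlist through the login interface; return each outcome."""
    return [login.attempt(w) for w in words]

if __name__ == "__main__":
    table = build_table(WORDLIST)
    login = ThrottledLogin("dragon")
    print(offline_lookup(table, unsalted("dragon")))  # leaked unsalted digest
    print(offline_lookup(table, login.stored))        # salted digest: no match
    print(online_guessing(login, WORDLIST))           # lockout before 4th word
```

The attempt limit only exists on the login path; the table lookup never touches it, and it is the per-user salt, not the throttle, that makes the prepared table miss.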

hacking passwords

Wordlists

We should, at some point, link to some wordlists which can be used for security auditing purposes. -- Roc VallèsTalk|Hist - 09:03, 27 October 2006 (UTC)