A dictionary attack is one in which a hacker attempts to gain access to a password-protected site or area by trying ‘every word in the dictionary’ as a guess for the required input.
Such an attack can succeed quickly, especially against home computer users, because many people choose incredibly poor passwords that are simply common words or names.
In such instances a dictionary attack will be more efficient than the alternative, which is a brute force attack.
Where administrators have employed effective passwords, the chances of a dictionary attack succeeding are very slim in comparison.
When a password is simply a word, the chances of a dictionary attack successfully discovering that word depend very much on its length, the language used, how common the word is and the size of the dictionary being employed.
Dictionary attacks can also experience a higher level of success when they utilise string manipulation.
Examples of string manipulation include inserting capitalised letters into words, spelling words backwards and using common number replacements, e.g. replacing the letter ‘a’ with the number ‘4’.
Dictionary attack effectiveness can also depend upon the types of words being checked and the order in which they are tried.
For example, using lists of names can often yield quick results due to the fact that so many people use their own name as their password!
When a dictionary attack proves fruitless, the hacker may use less subtle means, such as a brute force attack, which I’ll cover in the next post.
Preventing someone from gaining your password, either through brute force or via a dictionary, may be next to impossible.
However, if you choose an effective password, you decrease their chances of a quick success, which may just cause them to go looking for a softer target.
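
One way to test a password choice against the manipulations described above, as an added example that is not part of the original post: it undoes capitalisation, number replacements, added digits and reversal, then looks the result up in a word list. The word list, the replacement table and all function names are constructed for illustration.

```python
# Added example: does a chosen password reduce to a plain dictionary word or name?
# SAMPLE_WORDS is a tiny constructed list; a real check needs a large word and name list.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "michael", "jessica"}

# Common number/symbol replacements, mapped back to the letter they stand for
# (an assumed, non-exhaustive table).
REPLACEMENTS = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})

AFFIX_CHARS = "0123456789!@#$%^&*()-_=+.?"


def normalise(password):
    """Undo capitalisation and common character replacements."""
    return password.lower().translate(REPLACEMENTS)


def strip_affixes(password):
    """Drop digits and symbols added to either end, e.g. 'Dragon123!' -> 'Dragon'."""
    return password.strip(AFFIX_CHARS)


def matched_dictionary_word(password, words=SAMPLE_WORDS):
    """Return the listed word the password reduces to, or None if there is none."""
    # Affixes are stripped before replacements are undone, so that a trailing
    # '1' is treated as an added digit rather than being read as the letter 'l'.
    forms = {normalise(password), normalise(strip_affixes(password))}
    for form in forms:
        for candidate in (form, form[::-1]):  # as typed, then spelled backwards
            if candidate in words:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["P4ssw0rd", "Dragon123!", "leahciM", "vK9#qTz2mLw"]:
        word = matched_dictionary_word(pw)
        verdict = f"reduces to '{word}'" if word else "no listed word found"
        print(f"{pw!r}: {verdict}")
```

A result of `None` only means the password is not a simple variant of a word in the list supplied, so the outcome depends on the size of that list, just as the attack does.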


You’d be amazed at how stupid some people’s passwords are, such as “password” or “their name”. They probably deserve what they get.