Cyber Security: Dictionary attacks

A dictionary attack is a form of 'brute force' attack.

In a dictionary attack, a computer will be made to attempt to log into an account by working its way through one or more 'dictionaries'. Each entry in the dictionary is a possible password and if it doesn't work, the computer moves on to the next one.

Dictionaries need not be limited to the familiar A–Z references of words in a language.

A concerted dictionary attack will also include more specialised reference works such as:
- atlases,
- lists of astronomical bodies,
- characters from literature,
- lists of the most commonly used passwords, and
- lists of stolen passwords that are in widespread circulation.

Dictionary attacks can also be performed against the hashed values of words (each candidate is hashed and compared with the stored hash); they may take a little longer, but they will still work with patience.

Sometimes the hacker is able to use a premade list of phrases that is based on research of the target (often obtained from social media accounts or from playing 'games' on Facebook). They then make slight variations to these, slightly altering words or adding common character combinations, and run them against a specific username.

System administrators often set up 'dictionary attacks' on their own users' passwords to try to identify weak passwords that should be changed.
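The same variation rules described above can be applied defensively: when a user chooses a new password, reduce it to the dictionary word it is built from and reject it if that word is in the list. The check below is an added example, not code from the original page; its wordlist is a constructed stand-in for the dictionaries and leaked-password lists an administrator would actually load.

```python
import re

# Constructed sample wordlist standing in for the dictionaries described above
# (common words, astronomical bodies, literary characters, leaked passwords).
WORDLIST = {"password", "jupiter", "gandalf", "london", "letmein", "qwerty"}

# Undo the common 'leet' substitutions attackers' variation rules apply.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Leading/trailing digits and symbols, e.g. the '2024!' in 'Jupiter2024!'
AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def normalise(candidate):
    """Reduce a candidate password to the dictionary word it is most likely built from.

    Affixes are stripped before the leet translation so that appended years
    such as '2024' are not mistaken for letters.
    """
    base = AFFIX.sub("", candidate.lower())
    return base.translate(LEET)


def is_dictionary_derived(candidate, wordlist=WORDLIST):
    """True if the password is a dictionary word or a simple variation of one."""
    base = normalise(candidate)
    if base in wordlist:
        return True
    # Also catch two dictionary words simply joined together, e.g. 'GandalfLondon'.
    for word in wordlist:
        if base.startswith(word) and base[len(word):] in wordlist:
            return True
    return False


if __name__ == "__main__":
    for pw in ["Jupiter2024!", "p@ssw0rd", "L3tm3in", "GandalfLondon", "correct horse battery"]:
        verdict = "REJECT" if is_dictionary_derived(pw) else "accept"
        print(f"{pw!r}: {verdict}")
```

A production check would use a large breached-password list and a fuller set of mangling rules, but the principle is the same: if a password can be recovered by a cheap transformation of a known word, the dictionary attack will find it.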

Dictionary and brute force attacks can be foiled by having computer systems watch for unsuccessful attempts to log in to accounts. Almost all computer systems limit the number of unsuccessful logins; once that limit is reached the account is locked and can only be accessed after an administrator intervenes.