There are two types of attack that break into a password-protected system by attempting to guess the password: brute force and dictionary. These attacks are effectively useless against online systems; even if the system is not secured properly, the latency alone makes them impractical. However, they are very effective against local encrypted files (like your password database, or any other file you encrypt for privacy). Let's compare the two attacks against our two passwords. Let's assume the attacker is using an array of modern processors that is capable of going through

Brute Force: This technique relies on trying every possible combination of characters until the correct one is guessed, hence the name brute force. If we consider a typical brute force algorithm that attempts to guess the password with the 26 characters of the English alphabet in both upper and lower case, 10 numerical digits, and 33 special characters easily found on a QWERTY keyboard, we find:
Dictionary Attack: A dictionary attack aims to address the slowness of a brute force attack by taking advantage of people's tendency to use simple words as their passwords. It relies on the password consisting of a word or two; otherwise it becomes a brute force attack. The English language is rather rich; we'll consider a medium-sized "dictionary" of 450,000 words for this attack, alongside a typical diceware dictionary, which consists of 6^5 (7,776) unique words. (Note that the bigger the dictionary, the more likely it is to produce a successful guess, and the slower it is; the most popular password cracking dictionary contains 1,493,677,782 words.)
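To compare the two search spaces described above for a given password, here is an added example (not part of the original page) that checks whether a password splits into dictionary words and reports the smaller of the two search spaces. The function names and the tiny `SAMPLE_WORDS` list are constructed for illustration, and counting the space character as the 33rd special character is an assumption.

```python
import math
import string

# Character set from the text: 26 letters in both cases, 10 digits, 33 specials.
# Assumption: the 33 specials are the 32 ASCII punctuation marks plus the space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

DICEWARE_WORDS = 6 ** 5       # 7,776 words, figure from the text
MEDIUM_DICT_WORDS = 450_000   # medium-sized dictionary, figure from the text

# Constructed stand-in for a word list; a real list is far larger.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "sun", "shine", "sunshine"}


def brute_force_space(length, charset=len(ALPHABET)):
    """Number of candidate strings of exactly `length` characters."""
    return charset ** length


def min_words(password, words=SAMPLE_WORDS):
    """Fewest dictionary words that concatenate to `password`, or None."""
    best = [0] + [None] * len(password)   # best[i]: fewest words covering [:i]
    for i in range(1, len(password) + 1):
        for j in range(i):
            if best[j] is not None and password[j:i] in words:
                if best[i] is None or best[j] + 1 < best[i]:
                    best[i] = best[j] + 1
    return best[-1]


def cheapest_attack(password, dict_size=MEDIUM_DICT_WORDS):
    """Return (attack name, search-space size, bits) for the smaller space."""
    brute = brute_force_space(len(password))
    k = min_words(password)
    # A password that is not made of dictionary words falls back to brute force.
    if k is not None and dict_size ** k < brute:
        name, space = f"dictionary ({k} words)", dict_size ** k
    else:
        name, space = "brute force", brute
    return name, space, round(math.log2(space), 1)


if __name__ == "__main__":
    for pw in ["sunshine", "correcthorsebatterystaple", "t7#Qz!p2"]:
        print(pw, cheapest_attack(pw), cheapest_attack(pw, DICEWARE_WORDS))
```

The search-space size is the worst-case number of guesses; dividing it by an attacker's guess rate gives the time to exhaust it.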