What Are Brute Force and Dictionary-Based Attacks
Password attacks are very common because they are easy to perform and often result in a successful intrusion. There are two basic types of password guessing that can be performed: brute force attacks and dictionary-based attacks.
What Is a Brute Force Attack
Brute force refers to trying as many password combinations as possible until hitting on the right one. It is a method commonly used to obtain passwords. While the exact number of characters in a password is usually unknown, most passwords can be estimated to be between four and 16 characters long. Though massively large, the number of possible password combinations is finite, so every password is in principle vulnerable to a brute force attack.
Brute force attempts to discover passwords usually involve stealing a copy of the username and hashed password listing and then methodically hashing possible passwords with the same hashing function. If a computed hash matches a stored one, the password is considered cracked. Some variations of the brute force technique simply pass possible passwords directly to the system via remote login attempts. These variations tend to be extremely slow.
What Is a Dictionary-Based Attack
Simple passwords, such as any individual word in a language, make the weakest passwords because they can be cracked with an elementary dictionary attack. In this type of attack, long lists of words of a particular language, called dictionary files, are searched to find a match to the hashed password. More complex passwords that include letters, numbers, and symbols require a different brute force technique that includes all printable characters and generally takes much longer to run.
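The following is an added example, not part of the original tutorial: a defender-side estimate of how a candidate password fares against the two attacks described above. The word list, the guess rate, and all function names are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real dictionary file holds far more entries.
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "letmein"}

# Assumed offline guess rate against a fast hash (hypothetical figure).
GUESSES_PER_SECOND = 1e9

# ASCII printable pools only (assumption); together they hold 95 characters.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]


def charset_size(password):
    """Size of the smallest character pool that covers the password."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))


def keyspace(pool, length, min_length=4):
    """Candidates an exhaustive search tries, shortest length first."""
    start = min(min_length, length)
    return sum(pool ** n for n in range(start, length + 1))


def assess(password):
    """Return (verdict, worst_case_guesses) for a candidate password."""
    if password.lower() in DICTIONARY:
        # A dictionary run needs at most one guess per listed word.
        return "dictionary", len(DICTIONARY)
    return "brute-force only", keyspace(charset_size(password), len(password))


def worst_case_seconds(guesses, rate=GUESSES_PER_SECOND):
    """Time to exhaust the search space at the assumed guess rate."""
    return guesses / rate


if __name__ == "__main__":
    # Constructed candidates: a word, random lowercase, mixed printable.
    for pw in ["sunshine", "qzvbkmtr", "qZ7#kM2!"]:
        verdict, guesses = assess(pw)
        print(f"{pw!r}: {verdict}, {guesses:.3e} guesses, "
              f"{worst_case_seconds(guesses):.3e} s worst case")
```

All three sample passwords are eight characters long, so the difference in the output comes only from dictionary membership and the size of the character pool.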