>> A brute force attack that might take hours or days could take minutes or seconds with a dictionary attack. A dictionary attack also involves making a file, but instead of all possibilities of letters, numbers, and symbols, words like those found in a dictionary are listed. These words could be passwords. The dictionary file uses likely possibilities for passwords and includes letters, numbers, and symbols.

Unfortunately, there are lots of people who choose short passwords that are common words with simple variations. Attackers will make files containing commonly used passwords. For those of you that think substituting a zero for an "O" or a dollar sign for an "S" is secure, think again. These dictionary files contain different spellings and variations of commonly chosen passwords including the usage of symbols. That's why this is called a "dictionary attack." Just like a dictionary, we've got a list of words in this file.

However, when an attacker steals a password database, these words in the dictionary file are hashed and compared to the stolen password hashes. If a hash of a word from the constructed word file matches a hash from the stolen database, the attacker can simply associate the matching hash with its plain text input. The algorithm, as we mentioned, is never secret, and furthermore, the length of a hash will reveal which algorithm is actually being used. It's even possible to pre-compute the hashes for all entries in the dictionary file so the plain texts don't need to be hashed with each attempt to crack a password.

The most renowned such password file is rockyou.txt, which contains over 14 million words.
Reposted from: https://www.cnblogs.com/sec875/articles/10015917.html
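The two defences the transcript implies, as an added example that is not part of the original lecture or post: rejecting a new password whose symbol substitutions collapse back to a common word, and storing passwords with a per-user salt and a slow hash so that precomputed dictionary hashes are useless. The blocklist contents, the substitution table, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample; a real deployment loads a large list of known-breached passwords.
BLOCKLIST = {"password", "monkey", "sunshine", "dragon"}
# Undo the symbol-for-letter swaps the lecture mentions (0 for O, $ for S) and similar ones.
LEET = str.maketrans({"0": "o", "$": "s", "5": "s", "@": "a", "4": "a",
                      "3": "e", "1": "i", "!": "i", "7": "t"})
SUFFIX = "0123456789!?.*#"   # decorations people commonly append to a word
ITERATIONS = 600_000         # PBKDF2 work factor (assumed value; tune to your hardware)

def is_guessable(password, blocklist=BLOCKLIST):
    """True if the password reduces to a blocklisted word after normalisation."""
    lowered = password.lower()
    candidates = {
        lowered.translate(LEET),                 # "sunshin3"  -> "sunshine"
        lowered.rstrip(SUFFIX).translate(LEET),  # "Pa$$w0rd!" -> "password"
    }
    return not candidates.isdisjoint(blocklist)

def unsalted_hash(password):
    """Fast, unsalted hash: the same password always yields the same digest,
    which is what lets one precomputed table match every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_password(password):
    """Salted, deliberately slow hash: returns (salt, digest) to store per user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    for pw in ("Pa$$w0rd!", "m0nk3y", "correct horse battery staple"):
        print(pw, "-> rejected" if is_guessable(pw) else "-> accepted")
    (s1, d1), (s2, d2) = store_password("monkey"), store_password("monkey")
    print("unsalted digests equal:", unsalted_hash("monkey") == unsalted_hash("monkey"))
    print("salted digests equal:  ", d1 == d2)
```

The blocklist check belongs at password-set time; the salted hash limits the damage if the stored database is stolen anyway.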