In our last post we discussed the brute force attack. Today we discuss the dictionary attack.
A dictionary attack is a cryptanalysis technique in which we try to break a password by entering every word from a dictionary as the password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.
A dictionary attack is more efficient than a brute force attack because it takes less time, and it works because victims choose ordinary words as passwords, such as smoking, playground, password, etc.
A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary, whereas a brute force attack systematically checks the entire key space. That is, a dictionary attack tries only those possibilities that are most likely to succeed, while a brute force attack checks all the possibilities.
How to increase security against dictionary attacks:
There are two ways to secure your password against online dictionary attacks.
- Delayed response: Given a login-name/password pair, the server provides a slightly delayed yes/no answer (say, not faster than one answer per second). This should prevent an attacker from checking sufficiently many passwords in a reasonable time.
- Account locking: Accounts are locked after a few unsuccessful login attempts (for example, an account is locked for an hour after three unsuccessful attempts). Like the previous measure, this measure is designed to prevent attackers from checking sufficiently many passwords in a reasonable time.
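Both measures can be combined in one wrapper around the password check. The sketch below is an added example, not code from the original post: the `LoginThrottle` class, the `simulate` helper, the user name `alice` and the guess list are hypothetical, and the clock is simulated so the run finishes instantly.

```python
import hmac
import time

class LoginThrottle:
    """Wraps a password check with delayed response and account locking."""

    def __init__(self, verify, min_response=1.0, max_failures=3,
                 lock_seconds=3600, clock=time.monotonic, sleep=time.sleep):
        self.verify = verify                # assumed: callable(user, pw) -> bool
        self.min_response = min_response    # "not faster than one answer per second"
        self.max_failures = max_failures    # "three unsuccessful attempts"
        self.lock_seconds = lock_seconds    # "locked for an hour"
        self.clock, self.sleep = clock, sleep
        self.failures = {}                  # user -> consecutive failures
        self.locked_until = {}              # user -> time the lock expires

    def login(self, user, password):
        start = self.clock()
        ok = self._check(user, password)
        # Delayed response: pad every answer (yes, no or locked) to min_response.
        remaining = self.min_response - (self.clock() - start)
        if remaining > 0:
            self.sleep(remaining)
        return ok

    def _check(self, user, password):
        now = self.clock()
        if self.locked_until.get(user, float("-inf")) > now:
            return False                    # locked: the guess is never verified
        if self.verify(user, password):
            self.failures.pop(user, None)
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures.pop(user, None)
        return False

def simulate(words, real_password="playground"):
    """Run constructed guesses through the throttle on a simulated clock."""
    t = [0.0]
    checked = []                            # guesses that reached verify()
    def verify(user, pw):                   # demo only: real servers compare salted hashes
        checked.append(pw)
        return hmac.compare_digest(pw.encode(), real_password.encode())
    guard = LoginThrottle(verify, clock=lambda: t[0],
                          sleep=lambda s: t.__setitem__(0, t[0] + s))
    results = [guard.login("alice", w) for w in words]
    return results, checked, t[0]
```

Calling `simulate(["smoking", "letmein", "qwerty", "playground"])` shows the fourth guess being refused even though it is the right password, because the account locked after the third failure. The same behaviour lets anyone lock a legitimate user out, so the threshold and lock duration need tuning.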