Results 1 to 7 of 7

Thread: What is dictionary attack in programming language?

  1. #1
    Join Date
    Sep 2010
    Posts
    23

    What is dictionary attack in programming language?

    I have heard about the dictionary attack many times while learning the MySQL and PHP programming language. But I am not having any knowledge about it. Since, you members provide information with proper concept, I thought to post it here. I want to know what is dictionary attack in programming language? Please let me know, when we use this method. Any other notes related to the topic would be helpful for me.

  2. #2
    Join Date
    Nov 2008
    Posts
    94

    Re: What is dictionary attack in programming language?

    As a dictionary attack is the method of cryptanalysis, an unknown password (or username) using a password list (often called dictionary or word list) to decrypt. We used this method when you can assume that the password consists of a meaningful combination of characters. This is according to experience, usually the case. Another promising, this method is only if as many passwords can be tried quickly. Dictionaries are popular files in file sharing, such as eDonkey. This distinction is made between active and passive objects of attack, An active object is an instance of attack, which the correctness of the password is verified and access granted to or denied. This is for example when logging onto a Web page of the case. In active attack objects dictionary attack, the possibilities of the highly limited because a certain number of unsuccessful attempts at any further attempt will be prevented by common (similar to the PIN at the ATM, more than three times can be entered incorrectly). In addition, the attacker leaves traces in the log files of the server. A passive object of attack is defined as an encrypted text. The password is not checked by an instance. The correct password out because of the encryption method used directly to decrypt the text. The attacker can try out here a lot more passwords in less time. The speed depends on the attacker used software and hardware and of the encryption algorithm used. Even in well-equipped home computers, millions of operations per second performed several hundred other without. The fastest supercomputer even manages 1.026 quadrillion calculations per second.

  3. #3
    Join Date
    Apr 2009
    Posts
    91

    Re: What is dictionary attack in programming language?

    Through a special program that displays the password list as the user name or password are tried. It is also possible to use two separate lists for username and password. Much more often, however, is to use a "combo-list", a combined list of user name and password, such a format:
    Username: Password
    In particular, the typical passwords (especially names or birth dates) are using this method to find. The duration of works, which are usually smaller number of passwords to be tested is less than, say, the result of brute-force method, speaks of using this method. Also there are some disadvantages, in this method, you are very dependent on a good password list. As naturally even the best list does not contain all possible passwords can be found with this method, not every password. Particularly small the chance, passwords that consist of rows of meaningless characters is found. In addition, the passwords list needs space on the system, which is used for password search. Lists of passwords, which are composed of, several words and several versions of the passwords regarding particular case mentioned.

  4. #4
    Join Date
    Oct 2008
    Posts
    105

    Re: What is dictionary attack in programming language?

    The most effective countermeasure is to force users to use special characters in their passwords. However, this increases the risk that they write down passwords. Additionally, it should be made to thwart the attacker, so that it takes as long as possible to try out many passwords. In general, this built-in active attacking objects after entering an incorrect password on hold. Here, the programmer may have to care, however, that the attacker does not take several attempts to log in parallel or gain access to equivalent passive objects of attack. For passive objects, a similar attack delay is difficult to achieve. The passwords of the users should not be stored in clear text. As a rule, which is merely a hash of the password stored. If an attacker manages to get hold of this file, it can begin with the hash stored there at first. It has to use above "passive objects of attack" method described by the entries of the dictionary individually hashes and compares the result with the encrypted password. Many would not produce lists of hash -> original word can be used is usually the password before hashing a random value, called the Salt extended. The random value is stored next to the hash.

  5. #5
    Join Date
    Nov 2008
    Posts
    97

    Re: What is dictionary attack in programming language?

    Besides the usual contents of a dictionary which contains a set of words, the dictionary can be made more efficient by combining words or by applying certain rules, which reflect the habits of choice for current passwords. To cite a few examples common for each word, we can try to change the case of certain letters or replace them with their equivalents in speak. Another trick is to repeat the word twice (eg. secret). It can also generate dictionaries corresponding to all the plate numbers, social security numbers, dates of birth, etc.. Such dictionaries can easily break passwords of users using such methods to enhance their insecure passwords. It is possible to detect brute force attacks by limiting the time between authentication attempts which significantly increases the duration of deciphering. Alternatively, the system of smart cards (eg credit card) or SIM cards , which blocks the system after 3 unsuccessful attempts which makes it impossible to brute-force attack.

  6. #6
    Join Date
    Apr 2008
    Posts
    240

    Re: What is dictionary attack in programming language?

    In applications, passwords are often stored as a hash from which it is very hard to recover the contents of the password. Some dictionaries used for attacks include the results of the signatures of passwords most common. An attacker with access to the results of hashing passwords could guess the original password. In this case we can use the "salting" the password. That is to say, adding a bit sequence for modifying the final sequence. Take for example the password 'Wikipedia', that used with the algorithm SHA-1 product: '664add438097fbd4307f814de8e62a10f8905588 '. We shall now use salted password by adding 'salty'. By hashing "Wikipedia salt" we get the hash: '1368819407812ca9ceb61fb07bf293193416159f 'making unnecessary any dictionary. A good practice is to not use a single key but salting the randomly generated for each record . Even if the key is salting must be legible for each password regenerate a complete dictionary salty. We can also integrate a dynamic part and a part integrated into the application source code for maximum security. Operating systems like UNIX system users password hashes salted.

  7. #7
    Join Date
    May 2008
    Posts
    255

    WLAN: dictionary attack on WPA implements

    I would like to comment about the dictionary attack on WPA implements. Dictionary attacks on weak passwords or pass phrases are nothing new - the TinyPEAP team demonstrated to move a WPA cracker online. The tool is aimed at the source code available WLAN networks, WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) to use with weak passphrases. After recording the WPA authentication phase with a sniffer tool such as Ethereal can be EPA Attacker on the client-access-point connection used a passphrase by brute force or dictionary attack to determine. On a 1400-MHz notebook to the cracker 16 can test up to 18 passphrases per second. Because it is passive, it reveals on the part of the WLAN base station is not by many, within a short time failures occur. Risk are, however, only wireless LANs, the weak passphrases (local or personal names, common terms) used.

Similar Threads

  1. Replies: 3
    Last Post: 27-05-2011, 06:22 PM
  2. Dictionary attack in PHP
    By Danel in forum Software Development
    Replies: 5
    Last Post: 04-01-2011, 01:21 AM
  3. Socket programming: Is any new Programming Language?
    By Kushan in forum Software Development
    Replies: 3
    Last Post: 14-11-2009, 11:13 AM
  4. Dictionary Attack
    By Emma.J in forum Off Topic Chat
    Replies: 3
    Last Post: 22-08-2009, 04:49 PM
  5. How do I change the default dictionary language in Outlook Express.
    By BlackSunReyes in forum MS Office Support
    Replies: 2
    Last Post: 29-10-2008, 09:40 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,698,632.87344 seconds with 17 queries