Definition - What does Dictionary Attack mean?
A dictionary attack is a technique or method used to breach the computer security of a password-protected machine or server. A dictionary attack attempts to defeat an authentication mechanism by systematically entering each word in a dictionary as a password or trying to determine the decryption key of an encrypted message or document.
Dictionary attacks are often successful because many users and businesses use ordinary words as passwords. These ordinary words are easily found in a dictionary, such as an English dictionary.
Techopedia explains Dictionary Attack
The most common method of authenticating a user in a computer system is through a password. This method may continue for several more decades because it is the most convenient and practical way of authenticating users. However, this is also the weakest form of authentication, because users frequently use ordinary words as passwords. Antagonistic users such as hackers and spammers take advantage of this weakness by using a dictionary attack. Hackers and spammers attempt to log in to a computer system by trying all possible passwords until the correct one is found.
Two countermeasures against dictionary attacks include:
- Delayed Response: A slightly delayed response from the server prevents a hacker or spammer from checking multiple passwords within a short period of time.
- Account Locking: Locking an account after several unsuccessful attempts (for example, automatic locking after three or five unsuccessful attempts) prevents a hacker or spammer from checking multiple passwords to log in.
Dictionary attacks are not effective against systems that make use of multiple-word passwords, and also fail against systems that use random permutations of lowercase and uppercase letters combined with numerals.