Dictionary Attack

Why Trust Techopedia

What Does Dictionary Attack Mean?

A dictionary attack is a technique or method used to breach the computer security of a password-protected machine or server. A dictionary attack attempts to defeat an authentication mechanism by systematically entering each word in a dictionary as a password or trying to determine the decryption key of an encrypted message or document.

Advertisements

Dictionary attacks are often successful because many users and businesses use ordinary words as passwords. These ordinary words are easily found in a dictionary, such as an English dictionary.

Techopedia Explains Dictionary Attack

The most common method of authenticating a user in a computer system is through a password. This method may continue for several more decades because it is the most convenient and practical way of authenticating users. However, this is also the weakest form of authentication, because users frequently use ordinary words as passwords. Antagonistic users such as hackers and spammers take advantage of this weakness by using a dictionary attack. Hackers and spammers attempt to log in to a computer system by trying all possible passwords until the correct one is found.

Two countermeasures against dictionary attacks include:

  1. Delayed Response: A slightly delayed response from the server prevents a hacker or spammer from checking multiple passwords within a short period of time.
  2. Account Locking: Locking an account after several unsuccessful attempts (for example, automatic locking after three or five unsuccessful attempts) prevents a hacker or spammer from checking multiple passwords to log in.

Dictionary attacks are not effective against systems that make use of multiple-word passwords, and also fail against systems that use random permutations of lowercase and uppercase letters combined with numerals.

Advertisements

Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.