Ver:
· http://en.wikipedia.org/wiki/Dictionary_attack
Método
empleado para romper la seguridad de los sistemas basados en contraseñas
(password) en la que el atacante intenta dar con la clave adecuada probando
todas (o casi todas) las palabras posibles o recogidas en un diccionario
idiomático. Generalmente se emplean programas especiales que se encargan de
ello.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
(I) An attack
that uses a brute-force technique of successively trying all the words in some
large, exhaustive list. [RFC4949:2007]
A brute force
attack that tries passwords and or keys from a precompiled list of values. This
is often done as a precomputation attack.
http://www.rsasecurity.com/rsalabs/faq
A dictionary attack
is a method of breaking into a password-protected computer or server by
systematically entering every word in a dictionary as a password. A dictionary
attack can also be used in an attempt to find the key necessary to decrypt an
encrypted message or document.
Dictionary
attacks work because many computer users and businesses insist on using
ordinary words as passwords. Dictionary attacks are rarely successful against
systems that employ multiple-word phrases, and unsuccessful against systems
that employ random combinations of uppercase and lowercase letters mixed up
with numerals. In those systems, the brute-force method of attack (in which
every possible combination of characters and spaces is tried up to a certain
maximum length) can sometimes be effective, although this approach can take a
long time to produce results.
Vulnerability to
password or decryption-key assaults can be reduced to near zero by limiting the
number of attempts allowed within a given period of time, and by wisely
choosing the password or key. For example, if only three attempts are allowed
and then a period of 15 minutes must elapse before the next three attempts are
allowed, and if the password or key is a long, meaningless jumble of letters
and numerals, a system can be rendered immune to dictionary attacks and
practically immune to brute-force attacks.
A form of
dictionary attack is often used by spammers. A message is sent to every e-mail
address consisting of a word in the dictionary, followed by the at symbol (@),
followed by the name of a particular domain. Lists of given names (such as
frank, george, judith, or donna) can produce amazing results. So can individual
letters of the alphabet followed by surnames (such as csmith, jwilson, or
pthomas). E-mail users can minimize their vulnerability to this type of spam by
choosing usernames according to the same rules that apply to passwords and
decryption keys -- long, meaningless sequences of letters interspersed with
numerals.
http://searchsoftwarequality.techtarget.com/glossary/
An attack that
tries all of the phrases or words in a dictionary, trying to crack a password
or key. A dictionary attack uses a predefined list of words compared to a brute
force attack that tries all possible combinations.
http://www.sans.org/security-resources/glossary-of-terms/
Méthode visant à
découvrir en peu de temps des mots de passe utilisateurs en utilisant comme
base de départ des mots d'un dictionnaire et en les comparant une fois chiffrés
avec le mot de passe chiffré que l'on souhaite découvrir. Les attaques par
dictionnaires se font généralement plus vite que des attaques exhaustives qui
visent à tester successivement toutes les combinaisons de caractères pour
trouver le mot de passe. Les pirates se basent sur la probabilité que le mot de
passe choisi peut être un mot courant du dictionnaire et donc plus facile et
rapide à découvrir en lançant une attaque par dictionnaire qu'en effectuant une
recherche exhaustive.
http://www.cases.public.lu/functions/glossaire/
Temas relacionados