Questions tagged [dictionary-attack]

A dictionary attack is a technique for defeating a cipher or authentication mechanism: the attacker tries to determine its decryption key or passphrase by testing hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

A dictionary attack is a targeted technique that successively tries all the words in an exhaustive list, called a dictionary. In contrast to a (pure) brute-force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities that are most likely to succeed, typically derived from a list of words such as a dictionary (hence the phrase "dictionary attack").

It is common to use passwords from previous breaches as a basis for future dictionary attacks.

26 questions
15 votes, 5 answers

How can rainbow tables be used for a dictionary attack?

I'm putting together a password policy for my company. I very much want to avoid requiring complex passwords, and would much rather require length. The maximum length I can enforce is 14 characters. I can calculate that 14 random lower case…
10 votes, 1 answer

How realistic is a dictionary attack on a secure remote password protocol (SRP) verifier?

I'm deploying a secure remote password protocol implementation and I'm wondering what the consequences are when the client generated verifier gets leaked to an attacker. I've read Thomas Wu's paper and as nice as it is, it doesn't talk about that…
6 votes, 1 answer

Does having a hash of a password jeopardize the security of plaintext that was encrypted with that password?

A malicious actor wants to decrypt ciphertext that was encrypted with a password. He also possesses the hash (bcrypt/PBKDF2) of that password. Does he have any significant practical advantage in decrypting that ciphertext as compared to just having…
4 votes, 1 answer

Performing a dictionary attack on RSA/ECB with no padding

I have the exponent $e=2^{16}+1$ and modulus $n$ (154 digit number) of an RSA public key along with the ciphertext (64 bytes) encrypted using the same key with RSA/ECB and no padding. I am required to decrypt the ciphertext and have two…
2nce
4 votes, 1 answer

What are the problems of IKEv1 aggressive mode (compared to IKEv1 main mode or IKEv2)?

I would like to seek confirmation/clarification of the following statements about IKE: IKEv1 aggressive mode is supposed to be “insecure” if used with PSK. But as far as I can see, correct (or more correct) would be the following IKEv1 aggressive…
3 votes, 2 answers

Does impersonating an SRP server give you enough information for an off-line dictionary attack?

In a comment to an answer I wrote to another question, CodesInChaos wrote that: "Problem with SRP is that an attacker who impersonates a server learns the password hash, enabling offline search." and further that: "If the server successfully…
Ilmari Karonen
3 votes, 3 answers

SRP-6 vulnerabilities when N is small

I'm one of the developers of an application which uses SRP-6 as the authentication mechanism. The authentication part of the code is very old and uses N with only 256 bits (all arithmetic is done in modulo N). After receiving reports of stolen…
3 votes, 0 answers

Breaking a retro video game hash

The video game Skeleton Warriors for Sega Saturn uses a custom hash function to check for cheat codes entered at the pause screen. The function is equivalent to the Python code below. After computation, the hash results are compared to a list of…
bbayles
2 votes, 2 answers

How to prove that a rainbow table is complete?

Passwords that are hashed but not salted can be cracked using the rainbow table. I went through this and this which explains the logic behind rainbow table very well. But I am missing something about the rainbow tables; how can one be sure that the…
2 votes, 3 answers

Dictionary attack on pass-phrases on common algorithms?

I don't yet perfectly understand the difference between brute-force and dictionary attack since this differentiates one attacking the key and another attacking password: apparently attacking passwords can take longer, right? But it's not necessarily…
jokoon
2 votes, 1 answer

XOR cipher with three different ciphertexts and repeated key, key length known. How do I find the plaintexts?

Let us say we have three different plaintexts (all alphabets, A-Z): $x$, $y$ and $z$, each of length $21$. Let the key, $a$, be also of length $21$. Now, what we have is $x \oplus a$, $y \oplus a$ and $z \oplus a$. How can we find out $x$, $y$ and…
2 votes, 2 answers

What is the entropy per Diceware word if a random symbol is inserted into a random position in the word?

On the Diceware page is this little gem: For extra security without adding another word, insert one special character or digit chosen at random into your passphrase... Inserting a letter at random adds about 10 bits of entropy. By that statement,…
user7024
1 vote, 2 answers

Crack AES encryption via passphrase dictionary attack?

How easy would it be to crack an AES-256 encrypted file that is protected by a passphrase? I understand that trying to brute force an AES-256 encryption key would be on the unfeasible side, even with quantum computing. But what if that encryption…
Kelthar
1 vote, 1 answer

Could PAKE via smooth projective hash function protect against replay attacks?

I came across some password-based authenticated key exchange (PAKE) protocols that are based on the smooth projective hash function (SPHF) in the standard model. And I checked some related works, and most of them only considered the dictionary…
1 vote, 0 answers

Why isn't Kerberos using temporary keys to avoid dictionary attacks?

In the Kerberos protocol, the user sends his ID, the server (Or ticket granting server) ID and a nonce value. The Key Distribution Center uses a key (I assume symmetrical) derived from the client's password to send a message containing the session…
asaf92