Ver:
·
http://en.wikipedia.org/wiki/Dictionary_attack
Método
empleado para romper la seguridad de los sistemas basados en contraseñas
(password) en la que el atacante intenta dar con la clave adecuada probando
todas (o casi todas) las palabras posibles o recogidas en un diccionario
idiomático. Generalmente se emplean programas especiales que se encargan de
ello.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
(I) An attack that uses a
brute-force technique of successively trying all the words in some large,
exhaustive list. [RFC4949:2007]
A brute force attack that
tries passwords and or keys from a precompiled list of values. This is often
done as a precomputation attack.
http://www.rsasecurity.com/rsalabs/faq
A dictionary attack is a
method of breaking into a password-protected computer or server by
systematically entering every word in a dictionary as a password. A dictionary
attack can also be used in an attempt to find the key necessary to decrypt an
encrypted message or document.
Dictionary attacks work
because many computer users and businesses insist on using ordinary words as
passwords. Dictionary attacks are rarely successful against systems that employ
multiple-word phrases, and unsuccessful against systems that employ random
combinations of uppercase and lowercase letters mixed up with numerals. In
those systems, the brute-force method of attack (in which every possible
combination of characters and spaces is tried up to a certain maximum length)
can sometimes be effective, although this approach can take a long time to
produce results.
Vulnerability to password or
decryption-key assaults can be reduced to near zero by limiting the number of
attempts allowed within a given period of time, and by wisely choosing the
password or key. For example, if only three attempts are allowed and then a
period of 15 minutes must elapse before the next three attempts are allowed,
and if the password or key is a long, meaningless jumble of letters and
numerals, a system can be rendered immune to dictionary attacks and practically
immune to brute-force attacks.
A form of dictionary attack
is often used by spammers. A message is sent to every e-mail address consisting
of a word in the dictionary, followed by the at symbol (@), followed by the
name of a particular domain. Lists of given names (such as frank, george,
judith, or donna) can produce amazing results. So can individual letters of the
alphabet followed by surnames (such as csmith, jwilson, or pthomas). E-mail
users can minimize their vulnerability to this type of spam by choosing
usernames according to the same rules that apply to passwords and decryption
keys -- long, meaningless sequences of letters interspersed with numerals.
http://searchsoftwarequality.techtarget.com/glossary/
An attack that tries all of
the phrases or words in a dictionary, trying to crack a password or key. A
dictionary attack uses a predefined list of words compared to a brute force
attack that tries all possible combinations.
http://www.sans.org/security-resources/glossary-of-terms/
Méthode visant à
découvrir en peu de temps des mots de passe utilisateurs en utilisant comme
base de départ des mots d'un dictionnaire et en les comparant une fois chiffrés
avec le mot de passe chiffré que l'on souhaite découvrir. Les attaques par
dictionnaires se font généralement plus vite que des attaques exhaustives qui
visent à tester successivement toutes les combinaisons de caractères pour
trouver le mot de passe. Les pirates se basent sur la probabilité que le mot de
passe choisi peut être un mot courant du dictionnaire et donc plus facile et
rapide à découvrir en lançant une attaque par dictionnaire qu'en effectuant une
recherche exhaustive.
http://www.cases.public.lu/functions/glossaire/