• Main Menu
  • Dictionary Attacks

    A dictionary attack consists of trying “every word in the dictionary” as a possible password for an encrypted message.

    A dictionary attack is generally more efficient than a brute force attack because users typically choose poor passwords.

    Dictionary attacks are generally far less successful against systems that use passphrases instead of passwords.

    Improving Dictionary Attacks

    There are two ways to improve dictionary attack success.

    The first way is to use a larger or more dictionaries. Technical and foreign language dictionaries increase the overall chance of discovering the correct password.

    The second way is to perform string manipulation on the dictionary. For example, the dictionary may have the word “password” in it. Common string manipulation techniques try the word backwards (drowssap), with common number-letter replacements (p4ssw0rd) or different capitalization (Password).

    Of course, very small dictionaries may lead to the fastest success if one or more of the targets is encrypted with a very weak password. A short list of girls’ names can yield amazing results.

    A dictionary of potential passwords is more accurately known as a wordlist.

    What to Do if the Dictionary Attack Fails

    If an extensive dictionary attack fails, it may be worthwhile to resort to a brute force attack. A brute force attack is more certain to achieve results eventually than a dictionary attack.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    1. Glaucia

      20 September, 2010 at 1:06 am


      but now that %$%¨$@&%$#&$#& don’t wanna give it back to me 😥 😐

    2. Emma Brown

      19 August, 2010 at 12:17 pm

      Hey, is there any ‘free, good & virus free’ dictionary attack software available on the net ?? i havent been able to find any.

    3. Daniel Memenode

      17 August, 2010 at 1:30 pm

      Glaucia, according to my quick search yes, but I wouldn’t advise that. Google has their own password recovery process. You shouldn’t need to do an attack, unless of course it’s not your account, in which case I still don’t advise it!

    4. Glaucia

      15 August, 2010 at 3:28 pm

      I would like to know if I can recover a gmail account using this dictionary attack???
      Thank you.

    178 queries in 0.577 seconds.