In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words in a dictionary, or are simple variations that are easy to predict, such as appending a single digit to a word.

Dictionary attacks may be applied in two main situations:

* in cryptanalysis, in trying to determine the decryption key for a given piece of ciphertext;
* in computer security, in trying to circumvent an authentication mechanism for accessing a computer system by guessing passwords.

In the latter case, the effect of a dictionary attack can be greatly reduced by limiting the number of authentication attempts that can be performed each minute, and even blocking further attempts after a threshold of failed authentication attempts is reached. Generally, 6 attempts is considered sufficient to cope with mistakes made by legitimate users; beyond that, one can safely assume that the user is a malicious attacker.

Answered by Nagendra , an ibibo Master, at 9:49 PM on November 01, 2008

A dictionary attack consists of trying "every word in the dictionary" as a possible password for an encrypted message.

A dictionary attack is generally more efficient than a brute force attack, because users typically choose poor passwords.

Dictionary attacks are generally far less successful against systems that use passphrases instead of passwords.
Improving Dictionary Attacks

There are two methods of improving the success of a dictionary attack.

The first method of improving the success of a dictionary attack is to use a larger dictionary, or more dictionaries. Technical dictionaries and foreign language dictionaries will increase the overall chance of discovering the correct password.

The second method of improving the success of a dictionary attack is to perform string manipulation on the dictionary. For example, the dictionary may have the word "password" in it. Common string manipulation techniques will try the word backwards (drowssap), with common number-letter replacements (p4ssw0rd), or with different capitalization (Password).

Of course, very small dictionaries may lead to the fastest success, if one or more of the targets is encrypted with a very weak password. A short list of girls names can yield amazing results.

A dictionary of potential passwords is more accurately known as a wordlist.

Answered by Anju Singh , an ibibo Master, at 7:52 AM on November 01, 2008