Dictionary attack

A dictionary attack refers to breaking a cipher, or obtaining a password, by running through a list of likely keys, or a list of words. For example, one can 'break' a password on a computer in an English speaking country by encrypting each of a list of English words and comparing each encryption against the stored encrypted version of users' passwords. Since users often choose inappropriate (ie, easily guessed or broken) passwords, this has historically succeeded about 4 times out of 10 when a reasonable list is used.

In the case of a cipher, if keys are suspected to be words, the same technique can be used to break messages encrypted with it.

An example of a dictionary attack occurred in the Second World War, when British codebreakers working on German Enigma-ciphered messages used the German word eins as part of a dictionary attack; eins, the word for the number one, appeared in 90% of all Engima messages, as the Enigma machine's keyboard had no numerals.

Clifford Stoll's book, The Cuckoo's Egg, contains an interesting, and unusually readable, account of a dictionary attack against the encrypted passwords kept in the passwd[?] file in Unix systems, and of the reaction to the successful attack of the man (Robert Morris Sr) who invented the encryption system used for those passwords.

See also:

• Brute force attack

Well known examples of dictionary attack software tools include John the Ripper (http://www.openwall.com/john/) and L0phtCrack (http://www.atstake.com/research/lc3/)