Stack Overflow
Stack Overflow

Questions tagged [dictionary-attack]

A dictionary-attack is a one in which the attacker guesses a subset of the allowed input values based on assumptions about likely keys (e.g. that they may be based on dictionary words).

Dictionary attacks can be made more efficient (in terms of time to use) by pre-computing the hashes of all of the potential keys in the dictionary. This dictionary of hashes is referred to as a rainbow table.

Rainbow tables can be invalidated by the use of a salt, which increases the key size by appending random data. This will at least force the re-computation of a rainbow table for a specific instance (assuming the salt can be determined by the attacker). However, if a sufficiently random salt is used for every hashed value, creating a rainbow table would become impractical, requiring the attacker to computer a rainbow table as many times larger as the number of possible values of the salt.[1]

28 questions
86
votes
11 answers

Why do salts make dictionary attacks 'impossible'?

Update: Please note I am not asking what a salt is, what a rainbow table is, what a dictionary attack is, or what the purpose of a salt is. I am querying: If you know the users salt and hash, isn't it quite easy to calculate their password? I…
Tom Gullen
  • 61,249
  • 84
  • 283
  • 456
4
votes
4 answers

Python - how to generate wordlist from given characters of specific length

I want to perform a dictionary attack and for that I need word lists. How to generate word list from given characters of specific length ( or word length from min length to max length )? I have tried itertools.combinations_with_replacements and…
Aamu
  • 3,431
  • 7
  • 39
  • 61
3
votes
0 answers

How to detect Captcha farms and block Captcha bots

Brief Summary Let's start with a brief introduction of what a Google reCaptcha farm is - a service that bot developers can query via an API to automate solving Google reCaptcha: The bot is blocked by a Captcha challenge. It makes an API call to the…
Zdravko Nestorov
  • 91
  • 5
2
votes
1 answer

Length extension attack doubts

So I've been studying this concept of length extension attacks and there are few things that I noticed during my study about it which are not very bright to me. 1.Research papers are explaining how you can append some type of data to the end and…
TrueStar
  • 79
  • 6
2
votes
2 answers

Dictionary attack on multiple-word password

Yet another password question, I'm afraid... I've been reading up on password strength and so forth and I have a question about dictionary attacks on a password if you ladies and gentlemen would be so kind as to answer. As far as I can tell from the…
Mark Austen
  • 127
  • 1
  • 9
1
vote
4 answers

Storing salt+password hash in DB and protecting against password attack

Please help me with my understanding. Also I am not talking about SSL or DH key exchange. As the salt is stored in DB and is a secret to the attacker to just protect the user original password (Rainbow tables), in case attacker gets their hand on…
Priyank Bolia
  • 14,077
  • 14
  • 61
  • 82
1
vote
1 answer

Dictionary based bruteforce on a RSA Private Key

I have an RSA Private key for my SSL certificate. Unfortunately I forgot the passphrase. Here is the header info: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,9A3F1B0DB81DA3C64E5BCA3534544E04 I would like to perform…
Varghese George
  • 71
  • 1
  • 6
1
vote
2 answers

how to perform XOR of all words in a file

I want to convert all words in a standard dictionary (for example : /usr/share/dict/words of a unix machine) integer and find XOR between every two words in the dictionary( ofcourse after converting them to integer) and probably store it in a new…
kingmakerking
  • 2,017
  • 2
  • 28
  • 44
0
votes
1 answer

Invalid continuation byte while reading .txt file

I'm getting this error in my python code: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe4 in position 5884: invalid continuation byte The script is for a dictionary attack using the Crackstation dictionary. I'm trying to make this for…
jedd
  • 9
  • 2
0
votes
0 answers

Script for ZIP file dictionary attack creates strange files with large dictionaries

I'm building a ZIP file password-recovery tool which tries every password in a dictionary file to unlock a specified ZIP file. However, when I use a long dictionary file, strange files appear that have the name as words in the dictionary. This tool…
O5 Command Stands With Ukraine
  • 123
  • 10
0
votes
1 answer

Efficient way of iterating through large amounts of data in Python

I'm trying to run a dictionary attack on a sha512 hash. I know the hash is made up of two words, all lowercase, separated by a space. The words are from a known dictionary (02-dictionary.txt), which contains 172,820 words. Currently, my code is the…
Will Trussell
  • 3
  • 1
0
votes
0 answers

Possible attack on mysqlServer ErrorLogs

Asking a question to you guys : I have my MysqlLogs with 200 000 + [Note] Access denied for user 'root'@'122.224.33.184' (using password: YES) With multiple Usernames ( Magento / root / Admin / user / developper /dev etc... ) the pick goes from 0…
Ggs
  • 181
  • 15
0
votes
2 answers

For loop in BASH to get username and password tuple

I am writing a simple script with Bash 4.4.23, to perform a demonstrative dictionary attack towards various web servers which use default passwords. The arrays containing usernames and passwords are declared above the "for" cycles, which are as…
Alessandro
  • 161
  • 1
  • 1
  • 15
0
votes
3 answers

Brute-force cracking SHA-512 passwords in unix password file

I have a school assignment which consists of me having to crack a unix password file, the passwords were created using SHA-512, I'm using python3, to write my password cracking script, which goes through a password file, adds the salt and compares…
david yeritsyan
  • 422
  • 6
  • 26
0
votes
1 answer

fail2ban and joomla error logs matching problem

I can't match joomlas error.php lines with fail2ban regex. I suspect it might be related with date and time format used in the log file or the amount of whitespaces in the error line. Do you have an idea how to add custom date/time format definition…
Vedran B
  • 33
  • 5
1
2