Hi
I have a simple question with regards to dictionary attacks.
Most systems give the user only three tries with the password, how are dictionary attacks possible then?
Regards,
Adeeb
Hi
I have a simple question with regards to dictionary attacks.
Most systems give the user only three tries with the password, how are dictionary attacks possible then?
Regards,
Adeeb
Last edited by 3v3rgr33n; March 12th, 2013 at 01:55 PM.
Dictionary attacks aren't really aimed at that type of password hacking.
They are usually used when you manage to get hold of the file containing the password hashes for a system (whether it's the /etc/shadow file, a database containing the password hashes, or the SAM file for Windows machines).
When you are cracking against a file of password hashes you don't have the 3 tries limitation, you can attempt as many passwords as you have time for.
Last edited by Cheesemill; March 8th, 2013 at 07:03 PM.
Cheesemill
Imagine you wanted to steal a safe from a bank. How long do you think they'll let you stand giving them repeated fake identies before you're kicked out? You wouldn't have that limitation if you had the actual bank vault present to try guessing the combination. It's the same with a computer. It can be set to wait an arbitrary amount of time after an arbitrary amount of failed attempts if it's between the attacker and the encrypted data. If the attacker has actual physical access to the data (or a copy), he can guess passwords as fast as his computer's hardware allows.
I can't mark this thread as solved, the option is not available under Thread Tools. Have things changed with the new interface?
Yes -
https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads
Cheers -
PopularPages: A very handy Documentation Search Tool used by many.
PopularPages Wiki Thread
My New Blog
Bookmarks