Results 1 to 7 of 7

Thread: Dictionary attacks

  1. #1
    Join Date
    Sep 2011
    Location
    South Africa
    Beans
    164
    Distro
    Xubuntu 12.10 Quantal Quetzal

    Dictionary attacks

    Hi

    I have a simple question with regards to dictionary attacks.
    Most systems give the user only three tries with the password, how are dictionary attacks possible then?

    Regards,

    Adeeb
    Last edited by 3v3rgr33n; March 12th, 2013 at 01:55 PM.

  2. #2
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Dictionary attacks

    Dictionary attacks aren't really aimed at that type of password hacking.

    They are usually used when you manage to get hold of the file containing the password hashes for a system (whether it's the /etc/shadow file, a database containing the password hashes, or the SAM file for Windows machines).

    When you are cracking against a file of password hashes you don't have the 3 tries limitation, you can attempt as many passwords as you have time for.
    Last edited by Cheesemill; March 8th, 2013 at 07:03 PM.
    Cheesemill

  3. #3
    Join Date
    Sep 2009
    Location
    California U.S.A.
    Beans
    398

    Re: Dictionary attacks

    Quote Originally Posted by 3v3rgr33n View Post
    Hi

    I have a simple question with regards to dictionary attacks.
    Most systems give the user only three tries with the password, how are dictionary attacks possible then?

    Regards,

    Adeeb
    Can you be more specific? Three tries with what password? Login? SSH? FTP? What are we talking about here?

  4. #4
    Join Date
    Sep 2011
    Location
    South Africa
    Beans
    164
    Distro
    Xubuntu 12.10 Quantal Quetzal

    Re: Dictionary attacks

    Quote Originally Posted by dodo3773 View Post
    Can you be more specific? Three tries with what password? Login? SSH? FTP? What are we talking about here?
    I was trying to be general, but to my knowledge (I've just tried ssh) : ssh allows three login tries before discontinuing the login prompt. I'm not sure abt the others.
    That wasn't the point though. Cheesemill seems to have answered me!

  5. #5
    Join Date
    Jan 2012
    Beans
    753

    Re: Dictionary attacks

    Imagine you wanted to steal a safe from a bank. How long do you think they'll let you stand giving them repeated fake identies before you're kicked out? You wouldn't have that limitation if you had the actual bank vault present to try guessing the combination. It's the same with a computer. It can be set to wait an arbitrary amount of time after an arbitrary amount of failed attempts if it's between the attacker and the encrypted data. If the attacker has actual physical access to the data (or a copy), he can guess passwords as fast as his computer's hardware allows.

  6. #6
    Join Date
    Sep 2011
    Location
    South Africa
    Beans
    164
    Distro
    Xubuntu 12.10 Quantal Quetzal

    Re: Dictionary attacks

    I can't mark this thread as solved, the option is not available under Thread Tools. Have things changed with the new interface?

  7. #7
    BlinkinCat is offline Iced Blended Vanilla Crème Ubuntu
    Join Date
    Aug 2011
    Beans
    Hidden!

    Re: Dictionary attacks

    Quote Originally Posted by 3v3rgr33n View Post
    I can't mark this thread as solved, the option is not available under Thread Tools. Have things changed with the new interface?
    Yes -

    https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

    Cheers -

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •