Hey brother, think a little differently

Brute-force and dictionary attacks: poor hacking tactics

Mr. Das noticed his boss entering a 5- or 6-digit password into his personal management project, but he caught only the first digit. The next day he generated every possible 5- and 6-digit combination with that first digit fixed, used brute-force attacker software to generate and try the combinations quickly, and cracked the password.

A brute-force attack means trying every possible combination until the right one is found.

[Image: alphabet combinations on a wallpaper]

You are free to choose the input characters and the password length. For example, for the characters 1, 3, a, t, u some of the possible combinations are:

13atu
13aut
13tau
...
atu31
31tua
...

Giving a fixed set of input characters limits the number of words to try. You can also limit the length of the password; if you keep the password length at 4 for the example above, the combinations would be:

3au1
3ta1
...
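The listing above is the core of the method, and the anecdote about Mr. Das shows why it worked: one known digit and a short, digits-only password leave very little to search. The following Python is an added example, not code from the post, that reproduces the orderings of the post's own characters and then sizes the search space for the scenarios the post describes. The 94-character alphabet (letters, digits and punctuation) and the one-million-guesses-per-second rate are assumptions used only for the comparison.

```python
import itertools
import string

# Characters from the post's own example.
EXAMPLE_CHARS = "13atu"


def orderings(chars, length):
    """All orderings of `length` distinct characters from `chars`; this is the
    13atu, 13aut, ... listing above, which never reuses a character."""
    return ["".join(p) for p in itertools.permutations(chars, length)]


def keyspace(alphabet_size, min_len, max_len, known_prefix=0):
    """Candidates an exhaustive search must cover when characters may repeat,
    over every length from min_len to max_len inclusive, with the first
    `known_prefix` characters already known (Mr. Das knew one digit)."""
    return sum(alphabet_size ** (n - known_prefix)
               for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second


if __name__ == "__main__":
    print(len(orderings(EXAMPLE_CHARS, 5)), "orderings of all five characters")
    print(len(orderings(EXAMPLE_CHARS, 4)), "orderings of length 4")
    digits = 10
    print("5-6 digits, first digit known:", keyspace(digits, 5, 6, known_prefix=1))
    print("5-6 digits, nothing known:    ", keyspace(digits, 5, 6))
    # Assumed full keyboard alphabet: 52 letters + 10 digits + 32 punctuation = 94.
    full = len(string.ascii_letters + string.digits + string.punctuation)
    print("8 mixed characters:           ", keyspace(full, 8, 8))
    rate = 1_000_000  # assumed guesses per second, for comparison only
    print("seconds at 1M guesses/s:", seconds_to_exhaust(keyspace(full, 8, 8), rate))
```

With the first digit known, the 5-6 digit password leaves only 110,000 candidates, against 1,100,000 with nothing known; an 8-character password drawn from all 94 keyboard characters has 94^8 candidates, which is why the advice later in the post about length and mixed character classes matters more than any single rule.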

A dictionary attack is very similar to a brute-force attack, but a little faster: instead of forming combinations of input characters it tries dictionary words. This is somewhat like making anagrams.

Why do I call these poor hacking tactics?

A hacker never believes in hit and try. They search for a proper method; there is always some logic behind any step they take. I hacked locked folders and locked ZIP files too, but I never used any brute-force attacker.

How to protect yourself from brute-force and dictionary attacks?

Never let anyone enter a password many times, and never enter your password in someone else's presence.

You can't control how many times people try to enter a password, but a programmer can. The points below help both programmers and users avoid such attacks.

Programmer’s point of view

  • Lock the account after a fixed number of failed login attempts.
  • Block an IP address from which you see many failed login attempts.
  • Increase the interval between two login attempts.
  • Don't let users set a password shorter than 6 or 8 characters.
  • Ask users to set passwords containing alphanumeric and special characters.

User’s point of view

  • Your password must be longer than 6-8 characters.
  • Your password must not be a dictionary word.
  • Use alphanumeric and special characters in your password.
  • Don't use something like your PAN number or mobile number, or anything else that can be guessed easily.
  • Change your password regularly, once a month or as you see fit.

These attacks fail against long, strong passwords.
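The programmer's list and the user's list describe the same controls from two sides: the server limits how many guesses anyone gets, and the password policy makes each guess unlikely to succeed. The following Python is an added example, not the post's own code, that implements both: account lockout after a fixed number of failures, blocking of a source address that fails too often, a delay that doubles with each consecutive failure, and a password check that rejects short passwords, missing character classes and dictionary words. The thresholds, the in-memory store, the injectable clock and the five-word dictionary are all assumptions made for the example; a real deployment would keep this state in a shared store and load a proper word list.

```python
import re
import time
from collections import defaultdict

# Assumed thresholds for the example; tune them for the real application.
MAX_FAILURES_PER_ACCOUNT = 5     # lock the account after this many failures
MAX_FAILURES_PER_IP = 20         # block the source address after this many
LOCK_SECONDS = 15 * 60           # how long a lockout or IP block lasts
BASE_DELAY_SECONDS = 1.0         # delay before a retry; doubles per failure

# Constructed five-word dictionary; a real deployment loads a full word list.
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "monkey"}


class LoginGuard:
    """In-memory tracker of failed logins per account and per source address."""

    def __init__(self, now=time.time):
        self._now = now                          # injectable clock for testing
        self._account_failures = defaultdict(int)
        self._ip_failures = defaultdict(int)
        self._locked_until = {}                  # username -> unlock timestamp
        self._blocked_until = {}                 # ip -> unblock timestamp

    def check(self, username, ip):
        """Return (allowed, delay_seconds) to apply before trying this login."""
        now = self._now()
        if self._locked_until.get(username, 0) > now:
            return False, 0.0
        if self._blocked_until.get(ip, 0) > now:
            return False, 0.0
        failures = self._account_failures[username]
        delay = BASE_DELAY_SECONDS * (2 ** failures) if failures else 0.0
        return True, delay

    def record_failure(self, username, ip):
        """Count a failed attempt and lock or block once a threshold is hit."""
        now = self._now()
        self._account_failures[username] += 1
        self._ip_failures[ip] += 1
        if self._account_failures[username] >= MAX_FAILURES_PER_ACCOUNT:
            self._locked_until[username] = now + LOCK_SECONDS
        if self._ip_failures[ip] >= MAX_FAILURES_PER_IP:
            self._blocked_until[ip] = now + LOCK_SECONDS

    def record_success(self, username):
        """A correct login clears the account's failure count and lock."""
        self._account_failures.pop(username, None)
        self._locked_until.pop(username, None)


def password_problems(password, min_length=8):
    """Return the list of policy rules the password breaks (empty = acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Reject dictionary words even when digits or symbols are tacked on.
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    if letters_only in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    guard = LoginGuard()
    for _ in range(MAX_FAILURES_PER_ACCOUNT):
        print(guard.check("das", "203.0.113.5"))    # allowed, growing delay
        guard.record_failure("das", "203.0.113.5")
    print(guard.check("das", "203.0.113.5"))        # (False, 0.0): locked
    print(password_problems("welcome1"))            # three rule violations
    print(password_problems("Tr0ub4dor&3"))         # []
```

The doubling delay is what makes the "increase the interval between two logins" item bite: after four failures the fifth attempt already waits sixteen seconds, so even before the lockout triggers, the guess rate Mr. Das relied on is gone. The password check strips digits and symbols before the dictionary lookup so that "welcome1" is still recognised as the word it is built on.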

Remember that brute-force and dictionary attacks are not the only ways to hack your password. The worst technique for users is the keylogger, and for programmers it is SQL injection.

Amit Gupta

Hey! This is Amit Gupta (amty). By profession I am a software engineer, and teaching is my passion. Sometimes I am a teacher, as you can see from the many technical tutorials on my site; sometimes I am a poet; and sometimes just a friend of friends...
