This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Dictionary attack" – news · newspapers · books · scholar · JSTOR (February 2018) (Learn how and when to remove this message)

In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities^[1] often obtained from lists of past security breaches.

A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words found in a dictionary (hence the phrase dictionary attack);^[2] however, now there are much larger lists available on the open Internet containing hundreds of millions of passwords recovered from past data breaches.^[3] There is also cracking software that can use such lists and produce common variations, such as substituting numbers for similar-looking letters. A dictionary attack tries only those possibilities which are deemed most likely to succeed. Dictionary attacks often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords; or variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are often successful, since many commonly used password creation techniques are covered by the available lists, combined with cracking software pattern generation. A safer approach is to randomly generate a long password (15 letters or more) or a multiword passphrase, using a password manager program or manually typing a password.

It is possible to achieve a time–space tradeoff by pre-computing a list of hashes of dictionary words and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but this allows the actual attack to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but now they are less of an issue because of the low cost of disk storage. Pre-computed dictionary attacks are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary needs be generated only once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password. A more refined approach involves the use of rainbow tables, which reduce storage requirements at the cost of slightly longer lookup-times. See LM hash for an example of an authentication system compromised by such an attack.

Pre-computed dictionary attacks, or "rainbow table attacks", can be thwarted by the use of salt, a technique that forces the hash dictionary to be recomputed for each password sought, making precomputation infeasible, provided that the number of possible salt values is large enough.^[4]

• Cain and Abel
• Crack
• Aircrack-ng
• John the Ripper
• L0phtCrack
• Metasploit Project
• Ophcrack
• Cryptool

• Brute-force attack
• E-mail address harvesting
• Intercontinental Dictionary Series, an online linguistic database
• Key derivation function
• Key stretching
• Password cracking
• Password strength

• RFC 2828 – Internet Security Glossary
• RFC 4949 – Internet Security Glossary, Version 2
• US Secret Service use a distributed dictionary attack on suspect's password protecting encryption keys
• Testing for Brute Force (OWASP-AT-004) Archived 2020-01-14 at the Wayback Machine