.: Assalamualaikum.... Welcome :. Firdaus@NetSec: Dictionary Attack

Thursday, January 13, 2011

Dictionary Attack

This attack is used to obtain passwords. Most password systems do not store plaintext passwords or encrypted passwords. They avoid encrypted passwords because a compromised key leads to the compromise of all passwords in the data store. Lost keys mean that all passwords are invalidated. Most user store implementations hold password hashes (or digests). Users are authenticated by re-computing the hash based on the user-supplied password value and comparing it against the hash value stored in the database. If an attacker manages to obtain the list of hashed passwords, a brute force attack can be used to crack the password hashes.

Auntie Google translates....

The aim of a dictionary attack is to obtain a password by searching the victim's database. Words that are commonly used and have a high probability of being chosen as passwords are tried, for example a mother's name, date of birth, IC (identity card) number, vehicle number and so on. If this list is found by hackers, a brute force attack is used, that is, the trial-and-error method. To minimize the risk, use a complex password, for example the phrase 'I Love Water' changed to 'I7ov3w@+3r'.
