A dictionary attack is a form of brute force attack in which every word of a dictionary is entered systematically to break into a password-protected computer, server or file. In contrast to a brute force attack, in which a large proportion of the key space is searched, a dictionary attack tries only those possibilities which are likely to succeed. Dictionary attacks are often successful because most people have the tendency to use short passwords that are either words or common passwords.
Types of Dictionary attacks
1) Pre-computed dictionary attack or Rainbow table attack: In this approach a pre-computed list of hashes of words is made and stored in a database, using the hash as the key. It is a tedious task, as it takes a considerable amount of time. The pre-computed dictionary needs to be generated only once. After completion, the password corresponding to a hash can be looked up instantly.
A more refined approach uses a rainbow table, which reduces the storage requirement but has a longer lookup time.
How to Prevent a Dictionary Attack?
1) Delayed Response: A delayed response from the server can prevent a hacker from submitting multiple passwords in a short period of time.
2) Limit login attempts: Blocking an IP after several unsuccessful attempts helps to prevent hackers from trying multiple passwords to log in.
3) Using Complex Passwords: Use complex passwords, such as a combination of upper- and lowercase characters mixed with numbers and special symbols.
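The first two measures, delayed response and limiting login attempts per IP, can be combined in a single throttle placed in front of the password check. The Python code below is an added example, not part of the original article; the class name, the thresholds, the guess list and the IP address are assumptions chosen for illustration.

```python
import time

# Constructed sample input: a short guess list standing in for an attacker's dictionary.
SAMPLE_GUESSES = ["password", "123456", "qwerty", "letmein",
                  "dragon", "monkey", "sunshine", "welcome"]

class LoginThrottle:
    """Per-IP failed-login tracking: growing response delay, then a temporary block."""
    def __init__(self, max_failures=5, base_delay=0.5, max_delay=8.0,
                 lockout_seconds=900.0, clock=time.monotonic):
        self.max_failures = max_failures        # failures allowed before the IP is blocked
        self.base_delay = base_delay            # delay (s) after the first failure
        self.max_delay = max_delay              # cap on the doubled delay
        self.lockout_seconds = lockout_seconds  # how long a block lasts
        self.clock = clock
        self._state = {}  # ip -> (consecutive failures, blocked-until time or None)

    def check(self, ip):
        """Return (allowed, delay): whether to evaluate the attempt, and the wait before it."""
        failures, blocked_until = self._state.get(ip, (0, None))
        if blocked_until is not None:
            if self.clock() < blocked_until:
                return False, 0.0
            del self._state[ip]  # block expired: start counting again
            failures = 0
        if failures == 0:
            return True, 0.0
        return True, min(self.base_delay * 2 ** (failures - 1), self.max_delay)

    def record(self, ip, success):
        """Update the counter once the password check has been done."""
        if success:
            self._state.pop(ip, None)
            return
        failures = self._state.get(ip, (0, None))[0] + 1
        blocked = self.clock() + self.lockout_seconds if failures >= self.max_failures else None
        self._state[ip] = (failures, blocked)

def simulate(guesses, real_password, throttle, ip="203.0.113.7"):
    """Feed a guess list through the throttle; return (evaluated, rejected, total_delay)."""
    evaluated, rejected, total_delay = 0, 0, 0.0
    for guess in guesses:
        allowed, delay = throttle.check(ip)
        if not allowed:
            rejected += 1  # blocked: the guess is never compared with the password
            continue
        total_delay += delay  # a real server would wait this long before answering
        evaluated += 1
        throttle.record(ip, guess == real_password)
    return evaluated, rejected, total_delay
```

With the default settings only the first five guesses from one IP are ever checked, and they cost 7.5 seconds of accumulated delay; the remaining guesses are rejected until the block expires.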