6.4 Attacks on Password Bias

If our computer user community commits to using long, random passwords, attackers won’t succeed very often at guessing passwords, either online or offline. However, attackers can probably retrieve some passwords if they focus on likely passwords. This is the dictionary attack.

Researchers discussed dictionary attacks in the 1970s and 1980s, and a few systems applied simple tricks to make such attacks more difficult. In late 1988, someone actually used a dictionary attack to crack passwords and exploit them. It was, again, the Morris worm.

Earlier in the text, we saw how the Morris worm used a flaw in the “finger” process to penetrate a vulnerable computer. Not all computers ran that version of “finger,” so that ...
