What is a dictionary attack?
A dictionary attack is password attack where every word from the dictionary is attempted against a password hash. Good dictionary attacks use wordlists with dictionaries of other languages (depending on the target), the most commonly used passwords (many of which aren’t words in the dictionary), and order the wordlists with the most commonly used passwords on top to save cracking time.
For those of you who are visual learners, a dictionary attack is like approaching a woman or man using a pickup line from a list in you pocket, being shot down and kicked in the face, trying again, being shot down and smacked in the face, until finally one of the pickups on your list work and you have yourself a date.
When should you use a dictionary attack?
When performing a password cracking attack, dictionary attacks usually are, and should be the first attack type used. Why? Because most people create shitty passwords due to the “huge” effort it takes to remember and type in a bit longer and more complex password. Due to this laziness factor, dictionary attacks can usually crack a good percentage of the hashes they are run against. Dictionary attacks are also the first and many times the only type of attack used in online attacks. This is because, as you’ve learned before, online attacks can be very slow and noisy.