Dictionary Attacks vs. Brute Force

Cyber Security Mastery: From Zero to Hero

Cracking Strategies

1. Dictionary Attack

  • Method: Trying passwords from a curated list of words, phrases, and previously leaked credentials.
  • Efficiency: Very fast. Most common passwords (those under 10 characters or simple words) are cracked almost instantly.
  • Tools: John the Ripper (JTR), Hashcat (using -a 0, its straight wordlist mode).

2. Brute Force Attack

  • Method: Systematically trying every single possible combination of characters (A-Z, a-z, 0-9, symbols) for a defined length.
  • Efficiency: Guaranteed to find the password eventually, but the time required grows astronomically with password length (e.g., a 12-character complex password takes years).
  • Use Case: Often limited to short PINs or simple hashes. Brute force is rarely practical for modern, complex passwords.
  • Tools: Hashcat (using -a 3, its mask/brute-force mode).

Hybrid Attacks: Combine dictionary attacks with rules (e.g., add '2023' to the end of every dictionary word).
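
Seen from the defender's side, the three strategies above translate into a password-acceptance check: reject anything a wordlist or a simple rule would reach, and require a keyspace large enough that exhaustive search is impractical. The following is an added example, not part of the course material; the wordlist, the guess rate, the leetspeak table and the 100-year threshold are all assumptions chosen for illustration.

```python
import re
import string

# Constructed sample wordlist; a real check would load a leaked-password list.
WORDLIST = {"password", "dragon", "summer", "letmein", "qwerty"}
GUESSES_PER_SECOND = 1e10  # assumed attacker rate, not a measured figure
LEET = str.maketrans("@4301$5!7", "aaeoissit")  # assumed substitution table

def charset_size(password):
    """Size of the smallest standard character pool covering the password."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))

def brute_force_years(password):
    """Worst-case exhaustive search time over the password's length and pool."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / (365 * 24 * 3600)

def classify(password, wordlist=WORDLIST):
    """Return which strategy from this section would reach the password first."""
    lowered = password.lower()
    if lowered in wordlist:
        return "dictionary"
    # Undo common rule transformations: appended digits/symbols, leetspeak.
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    if stem in wordlist or stem.translate(LEET) in wordlist \
            or lowered.translate(LEET) in wordlist:
        return "hybrid"
    return "brute-force"

def acceptable(password, min_years=100):
    """Policy: reject wordlist/rule hits and anything with a small keyspace."""
    return (classify(password) == "brute-force"
            and brute_force_years(password) >= min_years)

if __name__ == "__main__":
    for pw in ["password", "Summer2023", "P@ssw0rd!", "7392", "tG7#kQ2!vX9m"]:
        print(f"{pw!r:16} {classify(pw):12} "
              f"{brute_force_years(pw):.3g} years  ok={acceptable(pw)}")
```

Note that "Summer2023" and "P@ssw0rd!" look complex to a length-and-character-class policy, yet both are rejected here because a dictionary word plus one rule reaches them.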