Dictionary attack
A dictionary attack tests a prioritized list of likely passwords, keys, or phrases instead of exhaustively enumerating every possibility.
Definition
A dictionary attack tries candidates from wordlists built from common passwords, words, leaks, names, and predictable variations. It sacrifices complete coverage for a high chance of finding human-chosen secrets early.
Online and offline attacks
Online guessing is limited by server rate controls and lockouts. Offline attackers who obtain password hashes can test candidates without contacting the service, often in parallel. The hash format and cost strongly affect speed.
Defense
Use unique long passwords or generated secrets, a unique salt per password, and a modern memory-hard password KDF. Salts do not make weak passwords strong, but they prevent one precomputed result from being tested against many accounts.
A dictionary prioritizes likely candidates but may miss unusual secrets; exhaustive search covers its entire defined space.
Only slightly. Modern wordlists include common substitutions and appended digits.
No. It forces separate work for each salt; a slow KDF and strong password are still required.