this post was submitted on 02 Aug 2023
88 points (94.9% liked)
Interesting
555 readers
1 users here now
- Be respectful to other members Treat others with kindness and courtesy, even if you disagree with their opinions.
- Stay on topic Keep your discussions relevant to the purpose of the forum. Avoid going off-topic or derailing conversations.
- No spamming Avoid posting irrelevant or unnecessary content, advertisements, or links to unrelated websites.
- Use proper language and tone Choose your words carefully when commenting or replying to others. Avoid using profanity or engaging in offensive language and personal attacks.
- Do not share personal information Protect your privacy by refraining from sharing personal details such as addresses, phone numbers, or email addresses on the forum.
- Report any issues If you come across any inappropriate behavior or content, report it to the forum moderators or administrators.
- Have fun and contribute positively Participate actively and add value to the discussions. Engage in meaningful and constructive conversations with fellow members.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's not how it typically works. Accounts are usually obtained from a hash file (like what's in your /etc/shadow or whatever the equivalent is in Windows).
In there your typical password looks like a strong string of gibberish characters, but is actually the result of a one way function that processed the original password. When you enter you password, the function is applied to it and the result is compared to the stored one.
To break a password, you have to run stuff through that function (which is slightly computationally expensive, although using GPUs now helps quite a bit) until you find whatever matches the stored string (because it''s a one way function). Then you have the original password. This is known as a dictionary attack (because you basically have to run through the whole dictionary).
And this concludes hacking 101 for today.
No, a dictionary attack uses a specific collection of known passwords (usually from leaks/compromised websites etc.) and regular words. Then you apply common substitutions, like a 3 for an e or appending an !. This collection is then called a dictionary.
What you described and is referred to in the infographic is called a brute force attack.
Good point, I might have written that a bit fast.
Still need to know what the salt is, assuming the website is somewhat competent about password storage.