Dictionary Attack

• Obtain a <plaintext, ciphertext> pair

• Create a list of English words, names, etc.

  • Also Star Wars, German, Shakespeare, …
  • thx1138 is a vulnerable password

• Derive keys from the words in the list

• Decrypt the ciphertext with the derived key

• If plaintext is recovered, the password is exposed

• Kerberos gives up <plaintext, ciphertext> easily

• UMich: > 4,000 vulnerable accounts

Previous slide

Next slide

Back to first slide

View graphic version