Dictionary attack
Create a list of English words, names, etc.
- Also Star Wars, German, Shakespeare, …
- thx1138 is a vulnerable password! :-(
Derive keys from the words in the list
Obtain a <plaintext, ciphertext> pair
- Kerberos gives up <plaintext, ciphertext> easily
Decrypt ciphertext with the derived key
- If plaintext recovered, password is exposed
UMich: > 4,000 vulnerable accounts in 1997