Dictionary Attacks and Rainbow Tables
See how precomputed hash tables enable fast password cracking and how salting defeats them.
Dictionary Attacks: Wordlist-Based Cracking
A dictionary attack does not try every possible combination; instead it tries a curated list of likely passwords. Real users choose passwords from a limited vocabulary: common words, names, dates, and phrases. Testing a wordlist of one million likely passwords is vastly faster than testing all possible 8-character strings (200 trillion combinations). Dictionary attacks succeed because human password choices are predictable.
rockyou.txt: The Password Breach Dataset
In 2009, the social networking site RockYou suffered a breach that exposed 32 million user passwords in plaintext. The resulting list, now called rockyou.txt, contains approximately 14 million unique passwords and is the standard first wordlist used in password cracking. Examining rockyou.txt reveals that the most common passwords are 123456, password, and variations on first names followed by numbers.
All lessons in this course
- How Brute Force Attacks Work
- Dictionary Attacks and Rainbow Tables
- Why Cryptographic Key Length Matters
- Rate Limiting and Account Lockout Defenses