Glossary
Dictionary attack is a general threat to all passwords. An attacker who obtains some sensitive password-derived data, such as a hashed-password, performs a series of computations using every possible guess for the password. Since passwords are typically small by cryptographic standards, the password can often be determined by brute-force. Depending on the system, the password, and the skills of the attacker, such an attack can be completed in days, hours, or perhaps only a few seconds.
The term dictionary attack initially referred to finding passwords in a specific list, such as an English dictionary. Today, a brute-force approach can compute likely passwords, such as all five-letter combinations, "on-the-fly" instead of using a pre-built list. Since these threats are roughly equivalent, we use the term in the broader sense to include all brute-force attacks.
A password database should always be kept secret to prevent dictionary attack on the data. Obsolete password methods also permit dictionary attack by someone who eavesdrops on the network. Strong methods prevent this.
Hashed Password or Password-Verifier
Passwords stored in a database should be stored in a one-way hashed form, to prevent casual retrieval of the information. Because passwords are often vulnerable to dictionary attack, preventing unauthorized access to this data remains a high priority. In general, the requirement for secure host storage is characteristic of all mutual authentication cryptographic systems. Alternative public-key methods are especially sensitive to the theft of a stored private key.
An on-line attack requires the active participation of a legitimate user or host. The important things are to minimize the information revealed in each attack, and to ensure that the legitimate party is aware that an attack or failure has occurred. A user naturally becomes suspicious and reports trouble when a large number of failures occurs, and the system should encourage this. A host typically counts bad or suspicious attempts, and takes remedial action when a limit is exceeded.
Off-line password attacks have historically been harder to prevent. We must assume that an attacker has a large amount of CPU power, has technical expertise, and can monitor or probe the network to gather password protocol messages. This is true for anyone who has a Pentium, web access, and can click to download and run a cracker's tool. Strong password protocols ensure that gathered messages cannot be used off-line to computationally determine the password.
"Salt" is a value which is incorporated into the calculation of the hashed-password. The salt is typically chosen randomly at the time of password selection, and stored along with the hashed-password. Another choice is to calculate the salt from the user's name. Using salt, two users with the same password will have different hashed values, which makes it harder to create a pre-built dictionary of likely hashes. This technique decreases the efficiency of broad-based dictionary attack against a readable password database for many users.
The UNIX /etc/passwd mechanism used a random two-character salt for each user. Modern protocols use a larger salt, which makes broad-based attack impossible -- each hashed-password must be attacked individually.
Salt plays the same role in a hashed-password database for network authentication, to reduce the threat if the database is revealed. The salt is typically sent from the host to the client as a prelude to password verification. But regardless of whether salt is used, protection of the password database remains a higher priority.
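The following is an added example, not part of the original glossary, illustrating the hashed-password and salt entries above: it builds a salted verifier with PBKDF2-HMAC-SHA256 from Python's standard library, checks a login against it in constant time, and contrasts it with an unsalted hash, where two users sharing a password also share a stored value. The iteration count and salt length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this example; a real deployment tunes these separately.
ITERATIONS = 100_000
SALT_BYTES = 16


def make_verifier(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hashed_password). A fresh random salt is drawn when none is given,
    and the salt is stored beside the hash so the host can recompute it at login."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    _, digest = make_verifier(password, salt)
    return hmac.compare_digest(digest, stored)


def unsalted_hash(password: str) -> bytes:
    """The obsolete form: no salt, so equal passwords produce equal stored values
    and one pre-built table of likely hashes serves against every user at once."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def same_password_distinct_verifiers(password: str) -> bool:
    """With per-user random salt, two users who chose the same password
    still get different stored values, so each entry must be attacked on its own."""
    salt_a, hash_a = make_verifier(password)
    salt_b, hash_b = make_verifier(password)
    return salt_a != salt_b and hash_a != hash_b


if __name__ == "__main__":
    salt, stored = make_verifier("correct horse")  # constructed sample password
    print("verifier:", stored.hex())
    print("login ok:", check_password("correct horse", salt, stored))
    print("wrong pw:", check_password("wrong horse", salt, stored))
    print("unsalted hashes collide:", unsalted_hash("x") == unsalted_hash("x"))
    print("salted verifiers differ:", same_password_distinct_verifiers("x"))
```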