That’s not how it typically works. Accounts are usually obtained from a hash file (like what’s in your /etc/shadow or whatever the equivalent is in Windows).
In there your typical password looks like a strong string of gibberish characters, but is actually the result of a one way function that processed the original password. When you enter your password, the function is applied to it and the result is compared to the stored one.
To break a password, you have to run stuff through that function (which is slightly computationally expensive, although using GPUs now helps quite a bit) until you find whatever matches the stored string (because it’s a one way function). Then you have the original password. This is known as a dictionary attack (because you basically have to run through the whole dictionary).
And this concludes hacking 101 for today.
No, a dictionary attack uses a specific collection of known passwords (usually from leaks/compromised websites etc.) and regular words. Then you apply common substitutions, like a 3 for an e or appending an !. This collection is then called a dictionary.
What you described, and what is referred to in the infographic, is called a brute force attack.
Good point, I might have written that a bit fast.
Still need to know what the salt is, assuming the website is somewhat competent about password storage.