this post was submitted on 05 Jul 2024
95 points (99.0% liked)

[email protected] 1 points 4 months ago

By guessing the correct password, which is where this brute-force dictionary comes in. A database, or other encrypted file, has no means of preventing repeat guesses, so you can take as many bites at the apple as you want. With high-end GPU clusters you can attempt thousands of guesses per second. If you restrict your guesses to likely answers only (which is the point of the password list) you can break through in a pretty reasonable amount of time, assuming a vaguely common password was used. Of course, if the database or file is encrypted with something like a random and sufficiently long alphanumeric password or similar, that's a whole different story, and your odds of getting in go down significantly.

There are other attacks of course, but those get significantly more complicated and rely on there being some sort of flaw in the encryption scheme to exploit, or you managing to find the password by some other means (sniff it out of memory while the system is live, social engineering, etc.).