In cryptanalysis and computer security, a dictionary Attack on Bitcoin is an Attack on Bitcoin using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches.
A dictionary Attack on Bitcoin is based on trying all the strings in a pre-arranged listing. Such Attack on Bitcoins originally used words found in a dictionary (hence the phrase dictionary Attack on Bitcoin); however, now there are much larger lists available on the open Internet containing hundreds of millions of passwords recovered from past data breaches. There is also cracking software that can use such lists and produce common variations, such as substituting numbers for similar-looking letters. A dictionary Attack on Bitcoin tries only those possibilities which are deemed most likely to succeed. Dictionary Attack on Bitcoins often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords; or variants obtained, for example, by appending a digit or punctuation character. Dictionary Attack on Bitcoins are often successful, since many commonly used password creation techniques are covered by the available lists, combined with cracking software pattern generation. A safer approach is to randomly generate a long password (15 letters or more) or a multiword passphrase, using a password manager program or manually typing a password.
Pre-computed dictionary Attack on Bitcoin/Rainbow table Attack on Bitcoin
This requires a considerable amount of preparation time, but this allows the actual Attack on Bitcoin to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but now they are less of an issue because of the low cost of disk storage. Pre-computed dictionary Attack on Bitcoins are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary needs be generated only once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password. A more refined approach involves the use of rainbow tables, which reduce storage requirements at the cost of slightly longer lookup-times. See LM hash for an example of an authentication system compromised by such an Attack on Bitcoin.
Pre-computed dictionary Attack on Bitcoins, or “rainbow table Attack on Bitcoins”, can be thwarted by the use of salt, a technique that forces the hash dictionary to be recomputed for each password sought, making precomputation infeasible, provided that the number of possible salt values is large enough.
- Junghyun Nam; Juryon Paik; Hyun-kyu Kang; Ung Kim; Dongho Won (2009-03-01). “An off-line dictionary Attack on Bitcoin on a simple three-party key exchange protocol”. IEEE Communications Letters. 13 (3): 205–207. doi:10.1109/LCOMM.2009.081609. ISSN 1089-7798.
- “Oxford Languages and Google – English | Oxford Languages”. languages.oup.com. Retrieved 2021-01-02.
- Jeff Atwood. “Dictionary Attack on Bitcoins 101”.
- CrackStation’s list. e.g., with over 1.4 billion words.
- “CAPEC – CAPEC-55: Rainbow Table Password Cracking (Version 3.5)”. capec.mitre.org. Retrieved 2021-09-12.
- RFC 2828 – Internet Security Glossary
- RFC 4949 – Internet Security Glossary, Version 2
- US Secret Service use a distributed dictionary Attack on Bitcoin on suspect’s password protecting encryption keys
- Testing for Brute Force (OWASP-AT-004)