• AnUnusualRelic@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    That’s not how it typically works. Accounts are usually obtained from a hash file (like what’s in your /etc/shadow or whatever the equivalent is in Windows).

    In there your typical password looks like a strong string of gibberish characters, but is actually the result of a one way function that processed the original password. When you enter you password, the function is applied to it and the result is compared to the stored one.

    To break a password, you have to run stuff through that function (which is slightly computationally expensive, although using GPUs now helps quite a bit) until you find whatever matches the stored string (because it’'s a one way function). Then you have the original password. This is known as a dictionary attack (because you basically have to run through the whole dictionary).

    And this concludes hacking 101 for today.

    • Serisar@feddit.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      No, a dictionary attack uses a specific collection of known passwords (usually from leaks/compromised websites etc.) and regular words. Then you apply common substitutions, like a 3 for an e or appending an !. This collection is then called a dictionary.

      What you described and is referred to in the infographic is called a brute force attack.

    • Tavarin@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Still need to know what the salt is, assuming the website is somewhat competent about password storage.