Comment Re: There we go again (Score 1) 383
I am going to have to side with AC-x, here, you don't have a fundamental understanding of what he is putting forth in this discussion. You seem to be defending your points without fully understanding them.
I fully understood what he put forth and repeatedly stated that it had no relation to the context of my original statement.
Dictionary attacks are not used on things that are rate limited - they are used on grabbed hashes.
Not true. A dictionary attack has no such prerequisite. Dictionary attacks are used all the time even when you have no grabbed hash. You're simply redefining the term.
Wikipedia:
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
Technique
A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values).[1] In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack). Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), such as single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable. Unlike Brute-force attacks, Dictionary attacks are not guaranteed to succeed.
Funny, not a single mention of a grabbed hash and I can find many such more definitions and explanations that also contain no such prerequisite.