312-50V9 · Question #568
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Rip
The correct answer is C. Hybrid. A hybrid attack combines dictionary words with brute-force character variations - such as appending numbers or symbols - to crack passwords that neither method alone would efficiently break.
Question
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
Options
- AFull Blown
- BThorough
- CHybrid
- DBruteDics
How the community answered
(19 responses)- B5% (1)
- C89% (17)
- D5% (1)
Why each option
A hybrid attack combines dictionary words with brute-force character variations - such as appending numbers or symbols - to crack passwords that neither method alone would efficiently break.
'Full Blown' is not a recognized or defined term in password-cracking methodology or security literature.
'Thorough' is a generic descriptive adjective and does not name any established password attack technique.
A hybrid attack uses dictionary words as a base and then applies brute-force mutations such as appending digits, substituting characters (e.g., 'a' to '@'), or adding common suffixes to each candidate. This strategy combines the efficiency of dictionary-based guessing with the exhaustiveness of brute force, making it effective against predictable patterns like 'Password1' that survive pure dictionary attacks but are too structured to require full random brute force.
'BruteDics' is a fabricated term that does not appear in any security framework, certification body, or cracking tool documentation.
Concept tested: Hybrid password attack combining dictionary and brute force
Source: https://owasp.org/www-community/attacks/Credential_stuffing
Topics
Community Discussion
No community discussion yet for this question.