Dictionary attack

In cryptanalysis and computer security, a dictionary attack is an attack that uses a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities,[1] often obtained from lists of past security breaches.

Dictionary attacks are often successful because many commonly used password creation techniques are covered by the available lists, combined with the pattern generation of cracking software.

Bcrypt, scrypt, and Argon2 are examples of resource-intensive functions that require significant computational power to process,[4] allowing for large improvements in security against dictionary attacks.

While other hashing functions, such as SHA and MD5, are much faster and less expensive to compute, they can still be strengthened by being applied multiple times to an input string through a process called key stretching.

A more refined approach involves the use of rainbow tables, which reduce storage requirements at the cost of slightly longer lookup times.