Previous Topic Next topic Print topic


Dictionary Attack

Restriction: This topic applies only when the Enterprise Server feature is enabled.

This type of attack can be used when the attacker knows or guesses some part of your original message. In the case of a protocol, this may be easy - for example, in HTTP messages the "get" command often appears.

The attacker takes the known cleartext and encrypts it using every possible key. The resulting set of ciphertexts is saved. This set of saved ciphertexts is called a dictionary.

When the attacker gets hold of an encrypted message, he or she searches it for occurrences of any of these ciphertexts. When a match is found, then the key that gave that ciphertext must be the key that was used to encrypt the whole message.

SSL protects you from this kind of attack by using various technical measures that ensure the same plain text produces different ciphertext each time.

Previous Topic Next topic Print topic