Dictionary Attack-some numbers Typical password dictionary -1,000,000 entries of common passwords people's names,common pet names,and ordinary words -Suppose you generate and analyze 10 guesses per second This may be reasonable for a web site;offline is much faster -Dictionary attack in at most 100,000 seconds =28 hours,or 14 hours on average If passwords were random -Assume six-character password Upper-and lowercase letters,digits,32 punctuation characters 689,869,781,056 password combinations. Exhaustive search requires 1,093 years on average To prevent using one dictionary to crack many passwords,Unix uses the idea of salt:usernamelsaltMD(salt,password) CSE825 55 Dictionary Attack – some numbers  Typical password dictionary ─ 1,000,000 entries of common passwords ● people's names, common pet names, and ordinary words. ─ Suppose you generate and analyze 10 guesses per second ● This may be reasonable for a web site; offline is much faster ─ Dictionary attack in at most 100,000 seconds = 28 hours, or 14 hours on average  If passwords were random ─ Assume six-character password ● Upper- and lowercase letters, digits, 32 punctuation characters ● 689,869,781,056 password combinations. ● Exhaustive search requires 1,093 years on average  To prevent using one dictionary to crack many passwords, Unix uses the idea of salt: username|salt|MD(salt, password). CSE825