The Dictionary attack

The Dictionary attack

Hashes are used to store passwords. If the goal of an attacker is to find a password he can use a dictionnary attack. Since he only got the hashes it is very hard (maybe impossible) to go back through the hash function in order to get the password. However the same input will always give the same output (hash). So instead of blindly bruteforce the hash and try all the possible input a strategy which can be used is the dictionary attack.

In input you will set a list of the most used password and hope to find an output matching with the hash you want to decipher. This is not a vulnerability from the hash functions, it is an attack based on the wrong behavior from the users.