Definition: Brute Force Attack

A method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.

see [en.wikipedia.org]

Definition: Dictionary Attack

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities.

see [en.wikipedia.org]

In order to do a brute force attack, one has to go through 2^127, or 170141183460469231731687303715... possible combinations on average to crack an AES 128-bit cipher.

The dictionaries used in a dictionary attack are much smaller, but from a cracker's point of view, they leave a giant blind spot when it comes down to 'good' passwords. We're told to use first letters of phrases to come up with these phrases, but I'm willing to bet there are a lot of repeats. For example, a patriotic American might use 0scucBtde1. Out of 300 million Americans, there's a good chance this will repeat. Note: Crackers caught on a long time ago to using digits instead of letters.

I'm not just cynical, I'm outright paranoid, and with the possibility of adding to a cracker's dictionary, I won't touch this.

Carnegie Mellon University has an excellent web page about choosing a good password:

[www.cs.cmu.edu]

and CERT has an excellent section on home computer security:

[www.cert.org]

Please check out these sites and surf safely.
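
A defensive check for the point above about first-letter passwords, as an added example that is not part of the original post: at password-set time it rejects a candidate that, after undoing digit and sound-alike substitutions, matches the initials of a well-known phrase. The phrase list, the substitution tables and the function names are assumptions, and reading 0scucBtde1 as the opening line of the US national anthem is an inference.

```python
import re

# Constructed sample list; a real deployment would load its own corpus of
# well-known phrases (lyrics, mottos, quotations).
KNOWN_PHRASES = [
    "O say can you see by the dawn's early light",
    "We the people of the United States",
    "To be or not to be that is the question",
]

# Whole-word sound-alike swaps (assumed set): "you" -> u, "see" -> c, ...
HOMOPHONES = {"you": "u", "see": "c", "are": "r", "why": "y"}

# Look-alike characters folded into one class on BOTH sides of the comparison,
# so 1, i, l and ! all compare equal, as do 0 and o.
FOLD = {"0": "o", "1": "l", "i": "l", "!": "l", "3": "e",
        "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}


def fold(text):
    """Lowercase and collapse look-alike characters."""
    return "".join(FOLD.get(ch, ch) for ch in text.lower())


def acronyms(phrase):
    """Return the folded initials of a phrase, plain and with sound-alikes."""
    words = re.findall(r"[a-z][a-z']*", phrase.lower())
    plain = "".join(w[0] for w in words)
    sound = "".join(HOMOPHONES.get(w, w[0]) for w in words)
    return {fold(plain), fold(sound)}


def build_blocklist(phrases, min_len=6):
    """Map each acronym to its phrase; short acronyms are skipped to limit false hits."""
    return {a: p for p in phrases for a in acronyms(p) if len(a) >= min_len}


def derived_from_phrase(password, blocklist):
    """Return the matching phrase if the password embeds a known acronym, else None."""
    folded = fold(password)
    for acronym, phrase in blocklist.items():
        if acronym in folded:  # substring match also catches appended digits or symbols
            return phrase
    return None


BLOCKLIST = build_blocklist(KNOWN_PHRASES)

if __name__ == "__main__":
    for candidate in ["0scucBtde1", "Wtp0tU5", "k7#Vq9zLw2"]:
        print(candidate, "->", derived_from_phrase(candidate, BLOCKLIST))
```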