Skip to content
Related Articles
Open in App
Not now

Related Articles

What is Codebook Attack?

Improve Article
Save Article
  • Last Updated : 13 Nov, 2022
Improve Article
Save Article

The codebook attack is a very common password hacking technique where the hacker guesses the passwords of a user by using common phrases and words as password phrases. Hackers always use this method when a dictionary attack has not been able to retrieve any meaningful results. Codebooks are usually data stored in files on the web server, which contain nothing but common words used as passwords by users. The most popular codebook is a list of passwords that can be recovered through John The Ripper software utility. At some point, someone will start to suspect that they have been the target of a codebook attack. This is when a hacker has exfiltrated sensitive data, often in the form of an encrypted file, and is holding it for ransom in exchange for money. In order to decrypt this file, an individual must send them $USD or another cryptocurrency. The best way to protect against a codebook attack is not by paying them off but by researching and implementing stronger encryption practices at your company. The longer an attacker has had access to your system and data, the greater the chance that they are able to compromise it further.

Concept of Codebook


Applications and Features:

This attack is used in combination with an encrypted file, commonly referred to as a ransom note. The attacker will steal sensitive information and then encrypt the file using a strong encryption algorithm (40-bit AES or 128-bit AES). This means that only algorithms certified by NIST can break the encryption.

  • Argument 1: The key length is generally considered to be 20 or 64 bits (which are often referred to as 16 and 256 bits) for symmetric key cryptography, depending on the algorithm being implemented.
  • Argument 2: It’s possible to encrypt files much faster than it takes for humanly readable text to pass through a modem.

Mode of Operation: 

Attackers will use a variety of methods to create a functioning codebook. The most common technique, however, is to use an automated system that can generate large amounts of random data, which is then used to create thousands of different encryption algorithms. This process can be extremely time-consuming depending on the size of the file that is being encrypted. For example, if the attacker has stolen a company’s encryption key for their file server and has access to 10 GB of sensitive data, it could take months for them to collect enough random numbers to encrypt all 10 GB using a codebook attack.

Stream Ciphers and Defense in IKE:

Stream ciphers work by using a combination of plaintext data, an encryption key, and a nonce. It is usually just a random number, but it can also come from plaintext data or another source that is typically outside the scope of what is being encrypted. Encryption algorithms operate on a bit-by-bit or block-by-block basis; however, stream ciphers use a variable amount of bits at any given time. This allows for the encryption to continue bit by bit as each new plaintext byte comes in.


Codebook attack is very easy to perform and can be done easily on Linux. If you do not have the password file, you need to obtain it from the target website manually or through any other means. Then, you need to convert the password hash into plain text using John The Ripper software utility.

  • John The Ripper software utility is a very important program if you are going to perform a password-cracking test. It is a very efficient password cracker and can be easily used to recover passwords of any website.
  • Once you have the plain text password of the target, you can search it in the codebook file and find the exact password. If your password is found in the codebook file, it means that your password is in use. It could be guessed using any other techniques and techniques.
  • But if your password is not found in the codebook file, then there are chances that it is a totally new one and has never been seen before by hackers. 
    This type of homemade codebook is called a “newbie codebook” or “noob codebook”.
  • These codebooks can be created with the help of a very easy-to-use tool, which is available online. It completely works on Linux and has its own database of more than 50000 most common passwords.


A codebook attack is more efficient and better than dictionary attack because it recovers passwords that are hard to guess using other attacks. It is also better than rainbow tables because it recovers the exact password rather than the “almost matching” one. There are many free codebooks available on the internet that anyone can download for free and start using to recover their own password or someone else’s too.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!