where a table of known passwords are used to guess a user’s password typically mitigated by: hash salting key stretching