Guessing, or dictionary, attacks arise when an intruder exploits the fact that certain data like passwords may have low entropy, that is, stem from a small set of values. In the case of off-line guessing, in particular, the intruder may employ guessed values to analyze the messages he has observed. In this talk, I will present a semantic-based formalization of off-line guessing by giving a deduction system that is uniform and general in that it is independent of the overall protocol model and of the details of the considered intruder model, i.e. cryptographic primitives, algebraic properties, and intruder capabilities.