On 7/29/2012 8:27 PM, Henrique de Moraes Holschuh wrote:
On Sun, 29 Jul 2012, Brian wrote:
used. But if it can be demonstrated that a twenty character password can
be forced in a time-frame which makes sense I'll stop doing it and most
On (exceedingly) rare occasions, it does happen that the twenty-char
password is guessed in twelve minutes. On average, it might be
100-million years, but there is no guarantee.
Or there is a previously undiscovered backdoor, or a previously unknown
flaw or exploit. It happens.
Enable it if you need it, disable it if you don't. Or even limit
availability to 8am-to-5pm five days a week. Every little bit you can
do helps a little bit.
Minimal attackable surface, and all that...
Be paranoid.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50160b26.5090...@allums.com
