On Fri 09 Jan 2015 at 16:19:39 +0000, Eduardo M KALINOWSKI wrote: > On Sex, 09 Jan 2015, Jerry Stuckle wrote: > >SSH passwords are very safe, if they are long enough. For instance, if > >you have a 10 character password, mixed case and numbers (no special > >characters), a brute force attack of 100 attempts per second would take > >almost 266 million years to cover all possibilities. 11 characters > >would take over 16 billion years - longer than the life of the universe. > > If the characters are random, that is. > > The problem is that passwords are often not really random. So even > seemingly secure passwords may be guessed relatively easy. This > article gives a good overwiew about this topic: > http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Please note that this excellent article describes off-line cracking. The number of attempts per second is limited only by the machinery at hand. The 100 attempts per second for on-line cracking isn't something which can be increased to the same level. Jerry's argument still holds up. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/09012015175110.acd723095...@desktop.copernicus.demon.co.uk
