On Tue, Nov 10, 2015 at 11:55 AM, Michael Orlitzky <m...@gentoo.org> wrote:
> On 11/10/2015 01:26 PM, Alan McKinnon wrote:
> >
> > I think you are approaching this problem from the wrong viewpoint. You
> > have to assume an attacker has vastly more resources to bear on the
> > problem than you have. Thanks to Amazon and the cloud, this is now a
> > very true reality. Brute force attacking a root password is nowhere near
> > as complex as the maths would lead you to believe; for one thing they
> > are decidedly not random. The fact is that they are heavily biased,
> > mostly due to 1) you need to be able to remember it and 2) you need to
> > be able to type it.
> >
> > Humans have been proven to be very bad at coming up with passwords that
> > are truly good[1] and hard for computers to figure out. And our brains
> > are very very VERY good at convincing us that our latest dumb idea is
> > awesome. Are you really going to protect the mother lode (root password)
> > with a single system proven to be quite broken and deeply flawed by
> > wetware?
> >
>
> I know all that, but I asked you to assume that I'm not an idiot and
> that it would take forever to brute-force my root password =)
>
> I'm not going to tell you what it is, so you'll have to believe me.
>

I guess from this you're assuming that everyone's passwords that have been hacked are god, birthdays and such?
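
The point in the quoted text, that memorable passwords are biased and so "the maths" overstates their strength, as an added example that is not part of the thread: a small strength estimator comparing the naive charset-size figure with a pattern-aware one. The word list, the 100,000-entry dictionary size, the 1-bit capitalisation cost and the year range are assumptions chosen for illustration.

```python
import math
import re

# Constructed stand-in for a real word list; sizes below are assumptions.
WORDS = {"dragon", "monkey", "summer", "gentoo", "root", "admin", "god"}
ASSUMED_DICT_SIZE = 100_000  # assumed entries in a realistic word list
SYMBOLS = 33                 # printable ASCII that is not a letter or digit


def naive_bits(pw: str) -> float:
    """Bits if every character were drawn uniformly from the classes used."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", pw) else 0
    pool += 26 if re.search(r"[A-Z]", pw) else 0
    pool += 10 if re.search(r"[0-9]", pw) else 0
    pool += SYMBOLS if re.search(r"[^a-zA-Z0-9]", pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def pattern_bits(pw: str) -> float:
    """Bits when the password is read as words, years, digits and symbols."""
    bits = 0.0
    for tok in re.findall(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]+", pw):
        if tok.isascii() and tok.isalpha():
            if tok.lower() in WORDS:
                # One dictionary pick plus an assumed 1 bit for capitalisation.
                bits += math.log2(ASSUMED_DICT_SIZE) + 1
            else:
                bits += len(tok) * math.log2(26 if tok.islower() else 52)
        elif tok.isascii() and tok.isdigit():
            is_year = len(tok) == 4 and 1900 <= int(tok) <= 2099
            bits += math.log2(200) if is_year else len(tok) * math.log2(10)
        else:
            bits += len(tok) * math.log2(SYMBOLS)
    return bits


def estimate_bits(pw: str) -> float:
    """The weaker model wins: a short word is cheaper to brute-force outright."""
    return min(naive_bits(pw), pattern_bits(pw))


if __name__ == "__main__":
    for sample in ("Dragon2015!", "god", "q7#Vz!p2Lr&x"):  # constructed samples
        print(f"{sample:14} naive={naive_bits(sample):5.1f} "
              f"estimate={estimate_bits(sample):5.1f}")
```

Under these assumptions a password built as word + year + symbol scores well under half of what its length and character classes suggest, which is the gap a password policy check should measure.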