Re: [gentoo-user] OpenSSH upgrade warning

[Stanislav Nikolov]

On 11/10/2015 09:17 PM, Michael Orlitzky wrote:
> On 11/10/2015 02:00 PM, Jeff Smelser wrote:
>> I guess from this your assuming that everyones passwords that have been
>> hacked are god, birthdays and such?
>>
> Again: assume that I'm not an idiot, and that I know how to choose a
> long, random password. It cannot be brute-forced. And if it could,
> adding an SSH key encrypted with a password of the same length would
> provide no extra security.
>
>
Are you sure you know how such keys work? An extremely 15 character password 
(Upper case, lower case, numbers, 8 more symbols) gives you 
~4747561509943000000000000000 combinations. Just a simple 2048 bit key on the 
other hand (~180 of which are "secure") 
1532495540865888858358347027150309183618739122183602176. Thats ALOT moar. You 
don't have to generate the key from a password!