Date: Tue, 23 Jun 2009 09:48:23 +0200 (CEST)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: Benjamin Lee <ben@b1c1l1.com>, Daniel Underwood <djuatdelta@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server
Message-ID: <alpine.BSF.2.00.0906230946220.55215@wojtek.tensor.gdynia.pl>
In-Reply-To: <4A4087DB.5010700@infracaninophile.co.uk>
References: <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> <4A403324.6090300@b1c1l1.com> <alpine.BSF.2.00.0906230839170.54856@wojtek.tensor.gdynia.pl> <4A4087DB.5010700@infracaninophile.co.uk>

>> You can't do more than maybe 10 attempts/second this way, while cracking
>> 10 character password consisting of just small letters and digits needs
>
> 10 characters is a longer than usual password. Most people have been
> conditioned into using a 7 or 8 character password, which is at least a

So that's the answer to how to secure an SSH server. Use 10 letter random
passwords.

>> 36^10=3656158440062976 possible passwords, and over 11 million years to
>> check all possibilities, so say 100000 years if someone is really lucky
>> and will get it after checking 1% of possible passwords.
>
> There is a very big flaw in your analysis here. You're assuming that
> the passwords people might use are randomly and evenly distributed over

So you already confirmed what I say. It's a human problem - for example not
using random passwords. Talking about security within that context is a
joke.