On 7/29/2012 8:27 PM, Henrique de Moraes Holschuh wrote:
On Sun, 29 Jul 2012, Brian wrote:used. But if it can be demonstrated that a twenty character password can be forced in a time-frame which makes sense I'll stop doing it and most
On (exceedingly) rare occasions, it does happen that the twenty-char password is guessed in twelve minutes. On average, it might be 100-million years, but there is no guarantee.
Or there is a previously undiscovered backdoor, or a previously unknown flaw or exploit. It happens.
Enable it if you need it, disable it if you don't. Or even limit availability to 8am-to-5pm five days a week. Every little bit you can do helps a little bit.
Minimal attackable surface, and all that... Be paranoid.