On Sex, 09 Jan 2015, Jerry Stuckle wrote:
SSH passwords are very safe, if they are long enough. For instance, if you have a 10 character password, mixed case and numbers (no special characters), a brute force attack of 100 attempts per second would take almost 266 million years to cover all possibilities. 11 characters would take over 16 billion years - longer than the life of the universe.
If the characters are random, that is.The problem is that passwords are often not really random. So even seemingly secure passwords may be guessed relatively easy. This article gives a good overwiew about this topic:
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ -- Eduardo M KALINOWSKI eduardo@kalinowski.com.br