Re: Have I been hacked?
On Fri 09 Jan 2015 at 16:19:39 +0000, Eduardo M KALINOWSKI wrote:
> On Sex, 09 Jan 2015, Jerry Stuckle wrote:
> >SSH passwords are very safe, if they are long enough. For instance, if
> >you have a 10 character password, mixed case and numbers (no special
> >characters), a brute force attack of 100 attempts per second would take
> >almost 266 million years to cover all possibilities. 11 characters
> >would take over 16 billion years - longer than the life of the universe.
>
> If the characters are random, that is.
>
> The problem is that passwords are often not really random. So even
> seemingly secure passwords may be guessed relatively easy. This
> article gives a good overwiew about this topic:
> http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Please note that this excellent article describes off-line cracking. The
number of attempts per second is limited only by the machinery at hand.
The 100 attempts per second for on-line cracking isn't something which
can be increased to the same level. Jerry's argument still holds up.
Reply to: