
Re: Have I been hacked?



On 1/9/2015 4:37 PM, Bob Holtzman wrote:
> On Fri, Jan 09, 2015 at 10:49:49AM -0500, Jerry Stuckle wrote:
> 
>        ........snip.......
>>
>> SSH passwords are very safe, if they are long enough.  For instance, if
>> you have a 10 character password, mixed case and numbers (no special
>> characters), a brute force attack of 100 attempts per second would take
>> almost 266 million years to cover all possibilities.  11 characters
>> would take over 16 billion years - longer than the life of the universe.
> 
> That's the key phrase, "to cover all possibilities." Don't forget, it's
> possible to hit pay dirt on the first try...or the 3rd...or the 20th...
> or the 500th...or the 50,000th...or the last possibility. 
> 
> I constantly hear references to mind boggling lengths of time required
> to crack passwords/phrases. I think it's misleading, especially to a
> beginner. On the other hand I have to admit I can't come up with a
> better way.
> 
>        .......snip......
> 

That's true.  On average it will take 1/2 as long - or about 133 million
years for a 10 character password or 8 billion years for an 11 character
password.

But that's also assuming the hacker knows how long your password is.
He/she would also have to consider all possible combinations of 1-9
character passwords.  That alone would take almost 4.36 million years
just to ensure the password wasn't shorter.

Of course, the hacker could also probably skip 1 character passwords (<
1 second), 2 character passwords (38 seconds), etc.  But even going
through all the possibilities of 9 character passwords would take around
4.29 million years (without a hit because the password is 10 characters).

Of course, *anything* can be caught on the first, second or third try.
But the odds of hitting it on the first try are over 13 quadrillion (13
followed by 15 zeros) to 1.

You have a better chance of being struck by lightning while in an
elevator 300' underground!

Jerry
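
Added example, not part of Jerry's message: a small calculator for the exhaustive-search arithmetic discussed in this thread, using the post's own parameters (62-character alphabet, 100 guesses per second). The function names and the 365.25-day year are assumptions made for this illustration.

```python
# Added example: exhaustive-search time for a password of a given length.
ALPHABET = 26 + 26 + 10          # mixed case plus digits, no special characters (from the post)
RATE = 100                       # guesses per second (from the post)
SECONDS_PER_YEAR = 365.25 * 24 * 3600   # assumption: Julian year; the post does not say


def keyspace(length, alphabet=ALPHABET):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def keyspace_up_to(max_length, alphabet=ALPHABET):
    """Candidates of every length from 1 to `max_length` (length unknown to the attacker)."""
    return sum(keyspace(n, alphabet) for n in range(1, max_length + 1))


def seconds(guesses, rate=RATE):
    """Time in seconds to make `guesses` attempts at `rate` per second."""
    return guesses / rate


def years(guesses, rate=RATE):
    """Same as seconds(), expressed in years."""
    return seconds(guesses, rate) / SECONDS_PER_YEAR


def estimate(length, rate=RATE, alphabet=ALPHABET):
    """Search time in years when all shorter lengths are tried first, then `length`."""
    shorter = keyspace_up_to(length - 1, alphabet)
    exact = keyspace(length, alphabet)
    return {
        "shorter_lengths": years(shorter, rate),
        "worst_case": years(shorter + exact, rate),
        # A uniformly random password is found, on average, halfway through its own length.
        "average": years(shorter + (exact + 1) / 2, rate),
    }


if __name__ == "__main__":
    for n in (8, 9, 10, 11, 12):
        e = estimate(n)
        print(f"{n:2d} chars: shorter lengths {e['shorter_lengths']:.3g} y, "
              f"average {e['average']:.3g} y, worst case {e['worst_case']:.3g} y")
```

Passing a different `rate` shows how the same password lengths fare under a faster guessing rate than the 100 per second assumed in the thread.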

