Security....

Scot L. Harris webid at cfl.rr.com
Wed Oct 27 18:09:13 UTC 2004


On Wed, 2004-10-27 at 12:13, Jim Higson wrote:
> > Given enough time brute force attempts will work.  Period.
> 
> Technically, yes, but I'll probably be dead by the time they do!
> 
> Assume passwords are made of letters of both case and numbers, and are always 
> 8 chars long. Of course, in reality there are more than 62 chars (IMO it's 
> always a good idea to have punctuation in a password)
> 
> That's 62^8 possible passwords, or about 2.2*10^14
> 
> So at 1 try per second (unrealistically fast I'd say for ssh) that's 7 million 
> years (give or take a millennium or two) to try the whole set.
> 
> Or, to put it another way, if I get one brute force crack attempt per second 
> for a whole year there's a one in seven million chance they'd gain access.
> 
> To be honest, that's ok with me :)
> --
> Jim

I agree, like I said earlier it is all about managing the risk.  If you
take the right precautions your system will be bypassed for less secure
systems.

So how many ssh attempts per second can one system sustain, assuming the
attempts are from multiple systems hitting at the same time?  :)

-- 
Scot L. Harris
webid at cfl.rr.com

If you wish to succeed, consult three old people. 
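
Added example, not part of the original thread: one way to answer the rate question empirically is to measure failed sshd logins per second across all sources in the auth log and feed that rate into the 62^8 estimate quoted above. The log lines are constructed, and the syslog line format, the `year` default and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Oct 27 18:09:13 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 27 18:09:13 host sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Oct 27 18:09:13 host sshd[2103]: Failed password for root from 203.0.113.5 port 33820 ssh2
Oct 27 18:09:14 host sshd[2104]: Failed password for root from 192.0.2.10 port 40113 ssh2
Oct 27 18:09:14 host sshd[2105]: Accepted password for jim from 192.0.2.77 port 50022 ssh2
Oct 27 18:09:16 host sshd[2106]: Failed password for invalid user test from 198.51.100.7 port 51515 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def attempt_stats(log_text, year=2004):
    """Return (total failures, distinct sources, mean rate/s, peak rate/s)."""
    per_second, sources = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        per_second[ts] += 1
        sources.add(m.group(2))
    total = sum(per_second.values())
    if total == 0:
        return 0, 0, 0.0, 0
    # Mean is taken over the whole observed window, idle seconds included.
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return total, len(sources), total / span, max(per_second.values())

def years_to_exhaust(rate_per_s, alphabet=62, length=8):
    """Years to try every password of the given shape at a sustained rate."""
    return alphabet ** length / rate_per_s / (365.25 * 24 * 3600)

if __name__ == "__main__":
    total, srcs, mean, peak = attempt_stats(SAMPLE_LOG)
    print(f"{total} failures from {srcs} sources, mean {mean:.2f}/s, peak {peak}/s")
    for rate in (1, mean, peak):
        print(f"{rate:.2f}/s -> {years_to_exhaust(rate):,.0f} years for 62^8")
```

Run against a real auth log, the peak figure shows the aggregate rate the host actually accepted from all sources combined.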



