On 4.1.2012 20:58, Bennett Haselton wrote: > On 1/4/2012 9:32 AM, Lamar Owen wrote: >> The slow brute-forcers are at work, and are spreading. ... > Well yes of course an attacker can try *particular* 12-character > passwords, I never said they couldn't :) ... If you enforce use of ssh keys an attacker can try passwords but cannot succeed because he has not the private key. You are free however to apply a 12-character password to your private key, then you have to know your 12-character password plus you have to own the private key. So the whole blah about brute force becomes lame. More secure or not? > > To be absolutely clear: Do you, personally, believe there is more than a > 1 in a million chance that the attacker who got into my machine, got it > by brute-forcing the password? I think it was Lamar trying to point out that statistics and probabilities are not applicable to the single individuum (at least not to lotterie players or captains of big vessels) -- Kind Regards, Markus Falb
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
