On Wed, 2004-10-27 at 12:13, Jim Higson wrote: > > Given enough time brute force attempts will work. Period. > > Technically, yes, but I'll probably be dead by the time they do! > > Assume passwords are made of letters of both case and numbers, and are always > 8 chars long. Of course, in reality there are more than 62 chars (IMO it's > always a good idea to have puncuation in a password) > > That's 62^8 possible passwords, or about 2.2*10^14 > > So at 1 try per second (unrealistically fast I'd say for ssh) that's 7 million > years (give or take a millenia or two) to try the whole set. > > Or, to put it another way, if I get one brute force crack attempt per second > for a whole year there's a one in seven million chance they'd gain access. > > To be honest, that's ok with me :) > -- > Jim I agree, like I said earlier it is all about managing the risk. If you take the right precautions your system will be bypassed for less secure systems. So how many ssh attempts per second can one system sustain, assuming the attempts are from multiple systems hitting at the same time? :) -- Scot L. Harris webid@xxxxxxxxxx If you wish to succeed, consult three old people.
