On Fri, 2005-08-26 at 09:45 +0000, Fernando Meira wrote:
> On 8/26/05, Frank Schafer <[EMAIL PROTECTED]> wrote:
>         IYpi3tbduwbfwm
>         
>         Such a password can't be cracked by brute force.
>         
>         ... and it's easy to remember.
>         
>         If Your password is 3 times better, don't use words brute
>         force won't
>         matter.
> 
> Well.. that just depends on how strong the password was! A brute-force
> attack would get there.. sooner or later!! For being sooner than
> later, the idea was to provide the attack with accurate
> characteristics of the password: number of chars, alphanumeric, upper
> and lower-case.. and such things.. 
> 

Hmmm, I think the example password should be strong enough but You are
right. Sooner or later it will come in (if sooner is something amongst
some hundreds of years and later something amongst some thousands ;)
BTW: There isn't only the password. There are log analyzers too.
Let such an analyzer catch auth failure - say 20 times within less than
half an hour - for root remote, then it can block access from this IP,
if it catches local auth failure for root - 20 times within less than
half an hour - it can log out the user (kill his login shell) and block
the account. Mine does so. Well, in this case the sooner is something
amongst some millions of years and the later something amongst some
trillions.
... but this already goes into the direction of IDS.

-- 
gentoo-user@gentoo.org mailing list
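
The threshold rule described in the reply above (20 root auth failures from one source in under half an hour), as an added example that is not part of the original message or the poster's own analyzer. The sshd log line format, the year supplied to the parser, and the sample lines are assumptions constructed for illustration; the blocking action itself is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 20                   # failures, as stated in the message
WINDOW = timedelta(minutes=30)   # "less than half an hour"

# Assumed OpenSSH-style syslog line for a failed root password login.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for root from (?P<ip>\S+) port \d+"
)

def sources_to_block(lines, year=2005):
    """Return source IPs that reach THRESHOLD root failures inside WINDOW."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and other daemons are ignored
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD and m["ip"] not in blocked:
            blocked.append(m["ip"])
    return blocked

def sample_log():
    """Constructed sample: one fast guesser, one slow guesser, one good login."""
    base = datetime(2005, 8, 26, 9, 0, 0)
    fmt = "%b %d %H:%M:%S"
    lines = []
    for i in range(20):
        fast = (base + timedelta(minutes=i)).strftime(fmt)      # 20 in 19 minutes
        slow = (base + timedelta(minutes=2 * i)).strftime(fmt)  # 20 in 38 minutes
        lines.append(f"{fast} host sshd[100]: Failed password for root from 192.0.2.10 port 4000 ssh2")
        lines.append(f"{slow} host sshd[101]: Failed password for root from 198.51.100.7 port 4001 ssh2")
    lines.append("Aug 26 09:40:00 host sshd[102]: Accepted password for frank from 203.0.113.5 port 4002 ssh2")
    return lines

if __name__ == "__main__":
    print(sources_to_block(sample_log()))
```

The slow source stays under the threshold because at most 15 of its failures ever fall inside one 30-minute window, which shows the pacing a fixed window tolerates.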
