On 4.1.2012 20:58, Bennett Haselton wrote:
On 1/4/2012 9:32 AM, Lamar Owen wrote:
The slow brute-forcers are at work, and are spreading. ...
Well yes of course an attacker can try *particular* 12-character passwords, I never said they couldn't :) ...
If you enforce use of ssh keys, an attacker can try passwords but cannot succeed because he does not have the private key.
You are free, however, to apply a 12-character password to your private key; then you have to know your 12-character password plus you have to own the private key. So the whole blah about brute force becomes lame. More secure or not?
To be absolutely clear: Do you, personally, believe there is more than a 1 in a million chance that the attacker who got into my machine, got it by brute-forcing the password?
I think it was Lamar trying to point out that statistics and probabilities are not applicable to the single individual (at least not to lottery players or captains of big vessels).
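Added example, not part of the original thread: a small check that an sshd_config really enforces key-only logins as the reply describes, so that password guessing has nothing to succeed against. The sample configs and the `audit` helper are constructed for illustration; the defaults are assumed to be the stock OpenSSH ones from sshd_config(5), and a distribution may ship different ones.

```python
# Defaults assumed from stock OpenSSH sshd_config(5); distributions may differ.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# keyboard-interactive can front PAM password prompts, so it counts as a password path.
PASSWORD_METHODS = ("passwordauthentication", "kbdinteractiveauthentication")

# Constructed sample: looks key-only at a glance, but is not.
WEAK = """
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# Constructed sample: both password paths closed, no Match exceptions.
HARDENED = """
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

def audit(config_text):
    """Return findings; an empty list means only key logins are accepted."""
    global_opts, match_opts, scope = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = " ".join(parts[1:])
        if key == "match":
            scope = value                      # following lines apply to this Match
        elif scope is None:
            global_opts.setdefault(key, value.lower())  # sshd keeps the first value
        elif key in PASSWORD_METHODS:
            match_opts.append((scope, key, value.lower()))
    eff = {**DEFAULTS, **global_opts}
    findings = [f"{k} is enabled globally" for k in PASSWORD_METHODS if eff[k] == "yes"]
    findings += [f"{k} is enabled under 'Match {s}'" for s, k, v in match_opts if v == "yes"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "key-only")
```

On a live host, `sshd -T` prints the effective settings and is the authoritative source; this sketch only reads the text it is given and does not follow `Include` directives.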