Hello Reindl,
On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
> On 29.12.2011 09:17, Bennett Haselton wrote:
>> Even though the ssh key is more random, they're both sufficiently random that it would take at least hundreds of years to get in by trial and error.
> if you really think your 12-chars password is as secure as a ssh-key protected with this password you should consider to take some education in security
Bennett clearly states that he understands the ssh key is more random, but wonders why a 12 char password (of roughly 6 bits entropy per byte assuming upper & lower case characters and numbers) wouldn't be sufficient.
I'm fairly confident the 9 to 12 char (54 to 72 bit) passwords I use are sufficiently strong to protect my machines against remote brute force attacks via ssh. Seeing that every login attempt takes at least a second and that, in the default setup, sshd allows a maximum of 10 threads at a time, a remote brute force is not really feasible (1/2 . 2 ^ 54 . 1s / 10). Imho of course :)
Regards, Leonard.
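
The estimate in the message above, carried through as an added example that is not part of the original thread. It assumes uniformly random passwords and an online-only attacker; the 62-character alphabet and the 100-year target are illustrative assumptions, while the 1 s per attempt and 10 parallel attempts come from the message.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def expected_years(bits, seconds_per_attempt=1.0, parallel=10):
    """Expected online search time: on average half the keyspace is tried.

    Defaults mirror the message: 1 s per login attempt, 10 attempts in flight.
    """
    guesses = 0.5 * 2.0 ** bits
    return guesses * seconds_per_attempt / parallel / SECONDS_PER_YEAR

def min_length(target_years, alphabet_size, seconds_per_attempt=1.0, parallel=10):
    """Shortest random password whose expected search time meets the target."""
    length = 1
    while expected_years(entropy_bits(length, alphabet_size),
                         seconds_per_attempt, parallel) < target_years:
        length += 1
    return length

if __name__ == "__main__":
    # The message's own figure: 54 bits at 6 bits per character.
    print(f"54 bits: {expected_years(54):.3g} years")

    # Assumption: 62 symbols (a-z, A-Z, 0-9) gives slightly under 6 bits each.
    for n in range(9, 13):
        bits = entropy_bits(n, 62)
        print(f"{n} chars, {bits:.1f} bits: {expected_years(bits):.3g} years")

    # Length needed to hold for a century under the same rate limits.
    print("min length for 100 years:", min_length(100, 62))

    # The same 54 bits with no per-attempt delay enforced by the server
    # (constructed rate of 1e9 guesses/s, parallel=1): the rate limit is what matters.
    print(f"54 bits at 1e9/s: {expected_years(54, 1e-9, 1) * 365.25:.3g} days")
```

The last line shows that the result depends on the server-enforced attempt rate, which is the condition the message's argument rests on.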