[CentOS] what percent of time are there unpatched exploits against default config?

Thu Dec 29 11:56:31 UTC 2011
Leonard den Ottolander <leonard at den.ottolander.nl>

Hello Reindl,

On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
> Am 29.12.2011 09:17, schrieb Bennett Haselton:
> > Even though the ssh key is more
> > random, they're both sufficiently random that it would take at least
> > hundreds of years to get in by trial and error.

> if you really think your 12-chars password is as secure
> as a ssh-key protcected with this password you should
> consider to take some education in security

Bennett clearly states that he understands the ssh key is more random,
but wonders why a 12 char password (of roughly 6 bits entropy per byte
assuming upper & lower case characters and numbers) wouldn't be
sufficient.

I'm fairly confident the 9 to 12 char (54 to 72 bit) passwords I use are
sufficiently strong to protect my machines against remote brute force
attacks via ssh. Seeing that every login attempt takes at least a second
and in the default setup sshd allows a maximum of 10 threads at a time a
remote brute force is not really feasible (1/2 . 2 ^ 54 . 1s / 10). Imho
of course :)

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research