Hello Reindl,

On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
> On 29.12.2011 09:17, Bennett Haselton wrote:
> > Even though the ssh key is more
> > random, they're both sufficiently random that it would take at least
> > hundreds of years to get in by trial and error.
> if you really think your 12-chars password is as secure
> as a ssh-key protected with this password you should
> consider to take some education in security

Bennett clearly states that he understands the ssh key is more random,
but wonders why a 12 char password (of roughly 6 bits entropy per byte
assuming upper & lower case characters and numbers) wouldn't be
sufficient.

I'm fairly confident the 9 to 12 char (54 to 72 bit) passwords I use are
sufficiently strong to protect my machines against remote brute force
attacks via ssh. Seeing that every login attempt takes at least a second
and in the default setup sshd allows a maximum of 10 threads at a time,
a remote brute force is not really feasible (1/2 . 2 ^ 54 . 1s / 10).

Imho of course :)

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research