[CentOS] an actual hacked machine, in a preserved state

Markus Falb markus.falb at fasel.at
Wed Jan 4 22:13:17 UTC 2012

On 4.1.2012 20:58, Bennett Haselton wrote:
> On 1/4/2012 9:32 AM, Lamar Owen wrote:
>> The slow brute-forcers are at work, and are spreading.  ...

> Well yes of course an attacker can try *particular* 12-character 
> passwords, I never said they couldn't :) ...

If you enforce use of ssh keys, an attacker can try passwords but cannot
succeed because he does not have the private key.

You are free however to apply a 12-character password to your private
key, then you have to know your 12-character password plus you have to
own the private key. So the whole blah about brute force becomes lame.
More secure or not?

> To be absolutely clear: Do you, personally, believe there is more than a 
> 1 in a million chance that the attacker who got into my machine, got it 
> by brute-forcing the password? 

I think it was Lamar trying to point out that statistics and
probabilities are not applicable to the single individual (at least not
to lottery players or captains of big vessels)

Kind Regards, Markus Falb
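
Added example, not part of the original message or of any CentOS or OpenSSH tooling: a small audit of sshd_config text that checks whether key-only login is actually enforced, since "PasswordAuthentication no" alone leaves keyboard-interactive and Match blocks open. The function name, the sample config and the use of upstream OpenSSH defaults for unset keywords are assumptions.

```python
import re

# Keyboard-interactive is the second route to password login (e.g. via PAM),
# so both password-style methods must be "no". Newer OpenSSH names it
# KbdInteractiveAuthentication; treated here as the same switch.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}
# Upstream OpenSSH defaults when a keyword is absent (assumption: no distro patch).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

def audit_sshd_config(text):
    """Return findings; an empty list means only key-based login is possible."""
    effective, findings, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        rest = parts[1] if len(parts) > 1 else ""
        if key == "match":          # everything below applies conditionally
            match = rest
            continue
        if key not in DEFAULTS:
            continue
        value = rest.split()[0].strip('"').lower() if rest else ""
        if match is None:
            effective.setdefault(key, value)   # sshd uses the first value seen
        elif key != "pubkeyauthentication" and value != "no":
            findings.append(f"Match {match}: {key} is {value}")
    for key, default in DEFAULTS.items():
        effective.setdefault(key, default)
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global pubkeyauthentication is not yes")
    for key in ("passwordauthentication", "challengeresponseauthentication"):
        if effective[key] != "no":
            findings.append(f"global {key} is {effective[key]}")
    return findings

# Constructed sample: looks key-only at a glance, but is not.
SAMPLE = """\
PasswordAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE):
        print(finding)
```

On a live host, the effective settings reported by `sshd -T` remain the authoritative check; this parser only reads the file text it is given.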
