[CentOS] an actual hacked machine, in a preserved state

Markus Falb markus.falb at fasel.at
Wed Jan 4 22:13:17 UTC 2012


On 4.1.2012 20:58, Bennett Haselton wrote:
> On 1/4/2012 9:32 AM, Lamar Owen wrote:
>> The slow brute-forcers are at work, and are spreading.  ...

> Well yes of course an attacker can try *particular* 12-character 
> passwords, I never said they couldn't :) ...

If you enforce use of ssh keys an attacker can try passwords but cannot
succeed because he does not have the private key.

You are free however to apply a 12-character password to your private
key, then you have to know your 12-character password plus you have to
own the private key. So the whole blah about brute force becomes lame.
More secure or not?

> 
> To be absolutely clear: Do you, personally, believe there is more than a 
> 1 in a million chance that the attacker who got into my machine, got it 
> by brute-forcing the password? 

I think it was Lamar trying to point out that statistics and
probabilities are not applicable to the single individual (at least not
to lottery players or captains of big vessels).

-- 
Kind Regards, Markus Falb
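
The key-only setup described in this reply only holds if sshd really refuses every password-style method, so here is an added example (not part of the original message) that audits an sshd_config for that. The function names and the sample config are constructed for illustration; it assumes upstream OpenSSH defaults, checks only the two password-style keywords, and does not follow Include files.

```python
import re

# Upstream OpenSSH defaults when a keyword is absent (assumption: distro
# builds and Include'd files may differ and are not read here).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Split sshd_config text into global settings and per-Match settings."""
    glob, matches = {}, []
    current = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        name = parts[0].lower()              # keywords are case-insensitive
        key = ALIASES.get(name, name)
        if key == "match":
            current = {}                     # settings from here belong to this Match block
            matches.append((parts[1], current))
        else:
            # sshd uses the first value it obtains for a keyword; repeats are ignored.
            current.setdefault(key, parts[1].split()[0])
    return glob, matches

def password_login_paths(text):
    """Return (scope, keyword, value) wherever a password-style method stays enabled."""
    glob, matches = parse(text)
    findings = [("global", k, glob.get(k, d)) for k, d in DEFAULTS.items()
                if glob.get(k, d) != "no"]
    for criteria, settings in matches:
        findings += [("Match " + criteria, k, settings[k]) for k in DEFAULTS
                     if k in settings and settings[k] != "no"]
    return findings

# Constructed sample: key-only at the top, but a Match block re-enables passwords.
SAMPLE = """\
# constructed sshd_config for illustration
PasswordAuthentication no
passwordauthentication yes
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in password_login_paths(SAMPLE):
        print(finding)
```

An empty result means no password-style method is left open in the file that was read; on a live host, `sshd -T` reports the effective values.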
