On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote: > > On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com> wrote: > > > > SSH as shipped on CentOS doesn’t allow 1,000 guesses per second, as this calculator assumes > > Hmm, just thought of a counterattack: > > If CentOS’s SSH currently allows 10 guesses per minute *per IP*, all you need to do to get 1,000 guesses per second is to rent time on a 6,000 machine botnet. Rent ? That costs money. Just crack open some Windoze machines and do it for free. That is what many hackers do. Is this safe enough ? wac4140SoeTer'#621strAAt0918;@@ Online Attack Scenario: (Assuming one thousand guesses per second) 7.26 hundred million trillion trillion trillion centuries Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second) 7.26 trillion trillion trillion centuries Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 7.26 billion trillion trillion centuries They've obviously got slow processors. -- Regards, Paul. England, EU. Je suis Charlie.