Best practices for securing SSH server
Wojciech Puchar
wojtek at wojtek.tensor.gdynia.pl
Tue Jun 23 07:50:04 UTC 2009
>> You can't do more than maybe 10 attempts/second this way, while cracking
>> 10 character password consisting of just small letters and digits needs
>
> 10 characters is a longer than usual password. Most people have been
> conditioned into using a 7 or 8 character password, which is at least a
so that's the answer how to secure SSH server. use 10 letter random
passwords.
>> 36^10=3656158440062976 possible passwords, and over 11 milion years to
>> check all possibilities, so say 100000 years if someone is really lucky
>> and will get it after checking 1% possible password.
>
> There is a very big flaw in your analysis here. You're assuming that
> the passwords people might use are randomly and evenly distributed over
So you already confirmed what i say. It's human problem - for example
not using random passwords.
Talking about security within that context is a joke.
More information about the freebsd-questions
mailing list