On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote:
> > On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com>
wrote:
> >
> > SSH as shipped on CentOS doesn?t allow 1,000 guesses per second, as
this calculator assumes
>
> Hmm, just thought of a counterattack:
>
> If CentOS?s SSH currently allows 10 guesses per minute *per IP*, all you
need to do to get 1,000 guesses per second is to rent time on a 6,000 machine
botnet.
Rent ? That costs money. Just crack open some Windoze machines and do
it for free. That is what many hackers do.
Is this safe enough ?
wac4140SoeTer'#621strAAt0918;@@
Online Attack Scenario: (Assuming one thousand guesses per second) 7.26
hundred million trillion trillion trillion centuries
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per
second) 7.26 trillion trillion trillion centuries
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses
per second) 7.26 billion trillion trillion centuries
They've obviously got slow processors.
--
Regards,
Paul.
England, EU. Je suis Charlie.