From: Jeff Smelser <tradergt@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OpenSSH upgrade warning
Date: Tue, 10 Nov 2015 12:00:13 -0700 [thread overview]
Message-ID: <CAGymGE=79ycc5Fzu1-Q9sKwEGCriMpGwuDA=7N0C=1hk6yVT3Q@mail.gmail.com> (raw)
In-Reply-To: <56423DAD.5030200@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 1383 bytes --]
On Tue, Nov 10, 2015 at 11:55 AM, Michael Orlitzky <mjo@gentoo.org> wrote:
> On 11/10/2015 01:26 PM, Alan McKinnon wrote:
> >
> > I think you are approaching this problem from the wrong viewpoint. You
> > have to assume an attacker has vastly more resources to bear on the
> > problem than you have. Thanks to Amazon and the cloud, this is now a
> > very true reality. Brute force attacking a root password is nowhere near
> > as complex as the maths would lead you to believe; for one thing they
> > are decidedly not random. The fact is that they are heavily biased,
> > mostly due to 1) you need to be able to remember it and 2) you need to
> > be able to type it.
> >
> > Humans have been proven to be very bad at coming up with passwords that
> > are truly good[1] and hard for computers to figure out. And our brains
> > and very very VERY good at convincing us that our latest dumb idea is
> > awesome. Are you really going to protect the mother lode (root password)
> > with a single system proven to be quite broken and deeply flawed by
> wetware?
> >
>
> I know all that, but I asked you to assume that I'm not an idiot and
> that it would take forever to brute-force my root password =)
>
> I'm not going to tell you what it is, so you'll have to believe me.
>
>
I guess from this your assuming that everyones passwords that have been
hacked are god, birthdays and such?
[-- Attachment #2: Type: text/html, Size: 1889 bytes --]
next prev parent reply other threads:[~2015-11-10 19:00 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-10 1:38 [gentoo-user] OpenSSH upgrade warning Michael Orlitzky
2015-11-10 3:26 ` Jeff Smelser
2015-11-10 9:53 ` Alan Mackenzie
2015-11-10 10:02 ` Neil Bothwick
2015-11-10 10:05 ` Alan McKinnon
2015-11-10 14:47 ` Michael Orlitzky
2015-11-10 15:30 ` Alan McKinnon
2015-11-10 15:58 ` Michael Orlitzky
2015-11-10 16:13 ` J. Roeleveld
2015-11-10 16:26 ` Michael Orlitzky
2015-11-10 17:17 ` Michael Orlitzky
2015-11-10 20:52 ` wabenbau
2015-11-10 21:00 ` Michael Orlitzky
2015-11-10 21:11 ` wabenbau
2015-11-10 21:23 ` Michael Orlitzky
2015-11-10 21:48 ` Dale
2015-11-10 23:22 ` wabenbau
2015-11-10 18:26 ` Alan McKinnon
2015-11-10 18:55 ` Michael Orlitzky
2015-11-10 19:00 ` Jeff Smelser [this message]
2015-11-10 19:17 ` Michael Orlitzky
2015-11-10 19:20 ` Jeff Smelser
2015-11-10 19:23 ` Stanislav Nikolov
2015-11-10 19:25 ` Michael Orlitzky
2015-11-10 19:32 ` Stanislav Nikolov
2015-11-10 19:38 ` Michael Orlitzky
2015-11-10 19:31 ` Michael Orlitzky
2015-11-10 19:37 ` Stanislav Nikolov
2015-11-10 19:37 ` Jeff Smelser
2015-11-11 4:51 ` Walter Dnes
2015-11-12 12:05 ` Rich Freeman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGymGE=79ycc5Fzu1-Q9sKwEGCriMpGwuDA=7N0C=1hk6yVT3Q@mail.gmail.com' \
--to=tradergt@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox