On 11/10/2015 01:26 PM, Alan McKinnon wrote:
>
> I think you are approaching this problem from the wrong viewpoint. You
> have to assume an attacker has vastly more resources to bear on the
> problem than you have. Thanks to Amazon and the cloud, this is now a
> very true reality. Brute force attacking a root password is nowhere near
> as complex as the maths would lead you to believe; for one thing they
> are decidedly not random. The fact is that they are heavily biased,
> mostly due to 1) you need to be able to remember it and 2) you need to
> be able to type it.
>
> Humans have been proven to be very bad at coming up with passwords that
> are truly good[1] and hard for computers to figure out. And our brains
> and very very VERY good at convincing us that our latest dumb idea is
> awesome. Are you really going to protect the mother lode (root password)
> with a single system proven to be quite broken and deeply flawed by wetware?
>

I know all that, but I asked you to assume that I'm not an idiot and
that it would take forever to brute-force my root password =)

I'm not going to tell you what it is, so you'll have to believe me.