From: Jeff Smelser
To: gentoo-user@lists.gentoo.org
Date: Tue, 10 Nov 2015 12:37:40 -0700
Subject: Re: [gentoo-user] OpenSSH upgrade warning

Again, you're not understanding that brute force is not entirely how you think it works. As a former employee of a large tech company. They are much more cunning how they do it these days..

If you wanted to break into an account, would you really start with a and work your way up?

Come on.

Accounts are broken into all the time and they claimed their passwords were awesome..

You're not an idiot, you just need to do more research on how hackers get in.

On Tue, Nov 10, 2015 at 12:31 PM, Michael Orlitzky wrote:

> On 11/10/2015 02:23 PM, Stanislav Nikolov wrote:
> >
> >
> > On 11/10/2015 09:17 PM, Michael Orlitzky wrote:
> >> On 11/10/2015 02:00 PM, Jeff Smelser wrote:
> >>> I guess from this you're assuming that everyone's passwords that
> >>> have been hacked are god, birthdays and such?
> >>>
> >> Again: assume that I'm not an idiot, and that I know how to choose
> >> a long, random password. It cannot be brute-forced. And if it
> >> could, adding an SSH key encrypted with a password of the same
> >> length would provide no extra security.
> >>
> >>
> > Are you sure you know how such keys work? An extremely 15 character
> > password (Upper case, lower case, numbers, 8 more symbols) gives you
> > ~4747561509943000000000000000 combinations
>
>
> And since no one seems to believe me, if you could try a million
> passwords a second (over the network!), it would take you about
> 75,272,093,955,210 years to try half of those combinations.
>
>