[NBLUG/talk] How do you handle physical device passwords?

Rick Moen rick at linuxmafia.com
Mon May 8 18:26:17 PDT 2017


Quoting Chris Wagner (chris at cwcomputing.net):

> As Robert points out, you'd need the hash or really high bandwidth (and a server that wouldn't lockout the account).

Also, setup time of an ssh login session is significant.

Many years ago (90s), when my Linux machine lived directly on a T-1
line, I did some shirtsleeve calculations of how long brute-forcing
meaningfully random 8-character ssh passwords for a guessed login (like
'rick' on linuxmafia.com) would take to have a 50% chance of success.
It was so extremely long to take that strategy out of even faint
practicality except against 'joe accounts', which is why you really see
only doorknob-twisting 'attacks' [sic] in your logfiles consisting
solely of username/password combos that might be frequently used by
extremely careless people.

A high-bandwidth brute-force attack against an sshd would also draw
attention to itself if you started wondering why a 10GB
/var/log/auth.log file had caused /var to hit 100% full.
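The two points in the post above, the shirtsleeve estimate of how long an online guessing campaign against a random 8-character password takes to reach a 50% chance, and the fact that doorknob-twisting shows up plainly in auth.log, can be put into a small worked example. The code below is an added illustration written for this page, not code from Rick Moen or NBLUG. It assumes a 95-character printable alphabet, a hypothetical per-session setup cost and degree of parallelism for the attacker (parameters, not measurements), and a handful of constructed sshd log lines in the classic syslog format.

```python
import re
from collections import Counter, defaultdict

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # 31,557,600


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of `length` characters over the alphabet."""
    return alphabet_size ** length


def online_guess_rate(session_setup_seconds: float, parallel_sessions: int) -> float:
    """Guesses per second when every guess costs a full ssh session setup
    and the attacker runs `parallel_sessions` connections at once.
    Both inputs are hypothetical sizing parameters, not measured values."""
    return parallel_sessions / session_setup_seconds


def years_to_half_keyspace(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Years until half the keyspace has been tried, i.e. a 50% chance of
    success against a uniformly random password of this length."""
    half = keyspace(length, alphabet_size) / 2
    return half / guesses_per_second / SECONDS_PER_YEAR


# Matches the sshd "Failed password" line for both real and invalid users.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def failed_logins_by_source(lines):
    """Map source address -> Counter of usernames that failed password auth."""
    by_src = defaultdict(Counter)
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            by_src[src][user] += 1
    return by_src


def doorknob_sources(lines, threshold=3):
    """Sources with at least `threshold` failed password attempts, as
    (source, attempt_count, sorted usernames tried), busiest first."""
    by_src = failed_logins_by_source(lines)
    hits = [
        (src, sum(users.values()), sorted(users))
        for src, users in by_src.items()
        if sum(users.values()) >= threshold
    ]
    return sorted(hits, key=lambda t: -t[1])


# Constructed sample auth.log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = [
    "May  8 18:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2",
    "May  8 18:00:02 host sshd[1235]: Failed password for root from 203.0.113.5 port 41235 ssh2",
    "May  8 18:00:03 host sshd[1236]: Failed password for invalid user test from 198.51.100.7 port 50000 ssh2",
    "May  8 18:00:04 host sshd[1237]: Accepted publickey for rick from 192.0.2.10 port 2222 ssh2",
    "May  8 18:00:05 host sshd[1238]: Failed password for invalid user oracle from 203.0.113.5 port 41236 ssh2",
]


if __name__ == "__main__":
    # Hypothetical attacker: 1 s per session setup, 100 sessions in parallel.
    rate = online_guess_rate(session_setup_seconds=1.0, parallel_sessions=100)
    print(f"keyspace for 8 printable chars: {keyspace(8, 95):,}")
    print(f"years to 50% at {rate:.0f} guesses/s: {years_to_half_keyspace(8, 95, rate):,.0f}")
    for src, n, users in doorknob_sources(SAMPLE_LOG):
        print(f"{src}: {n} failed password attempts, usernames {users}")
```

With the hypothetical 100 guesses per second, half of the 95^8 keyspace takes on the order of a million years, which is the post's point: the only campaigns that pay off are the ones cycling through a short list of usernames and common passwords, and those are exactly what `doorknob_sources` pulls out of the log by counting failures per source address.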