On 14/11/18 8:44 pm, Brian wrote:
> On Tue 13 Nov 2018 at 18:50:35 -0800, pe...@easthope.ca wrote:
>> https://en.wikipedia.org/wiki/Brute-force_attack
>
> Security is already breached if a password database can be attacked
> in that way. A six character (upper and lower case) login password
> would take about 500 years to force for someone at the keyboard.
> This assumes three seconds per try without coffee breaks.
>
> I'm the cautious type, so use ten character passwords.

Well, yes.... but some breaches are from remote machines that may be
able to lift the /etc/shadow file due to a vulnerability that isn't
fixed and if that's all they have, then they don't yet need more direct
access. If they have /etc/shadow, then they can work on off-line brute
force.

I'm very surprised at the very low password strength / length
recommendations to say the least!

Kind Regards
AndrewM
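Added example, not part of the original message: a sizing calculation for a password policy that contrasts the keyboard rate quoted above (one try per three seconds) with off-line guessing against a copied /etc/shadow. The off-line rate of 1e9 guesses per second is an assumed round figure; the real rate depends on the hash scheme stored in the shadow file and on the hardware used.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

ALPHABET = 52          # upper and lower case letters, as in the quoted message
ONLINE_RATE = 1 / 3    # guesses per second at the keyboard (from the thread)
OFFLINE_RATE = 1e9     # ASSUMED off-line guesses per second, constructed figure


def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case seconds to try every password of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second


def min_length(alphabet_size, guesses_per_second, target_years):
    """Shortest length whose full keyspace outlasts `target_years` at this rate."""
    needed = target_years * SECONDS_PER_YEAR * guesses_per_second
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare(lengths=(6, 10)):
    """Return (length, online_seconds, offline_seconds) for each length."""
    return [(n,
             seconds_to_exhaust(ALPHABET, n, ONLINE_RATE),
             seconds_to_exhaust(ALPHABET, n, OFFLINE_RATE))
            for n in lengths]


if __name__ == "__main__":
    for n, online, offline in compare():
        print(f"{n} chars: online {humanize(online)}, offline {humanize(offline)}")
    for label, rate in (("online", ONLINE_RATE), ("offline", OFFLINE_RATE)):
        print(f"min length for 500 years, {label}:",
              min_length(ALPHABET, rate, 500))
```

These are worst-case figures for a uniformly random password; a password drawn from a dictionary or a common pattern falls far sooner at either rate.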