On Sun 29 Jul 2012 at 22:27:08 -0300, Henrique de Moraes Holschuh wrote: > On Sun, 29 Jul 2012, Brian wrote: > > used. But if it can be demonstrated that a twenty character password can > > be forced in a time-frame which makes sense I'll stop doing it and most > > That depends. Are you using any dictionary words or easy character > permutations thereof to make a pass-phrase? If so, your 20-char password is > a lot weaker than what one might expect at first glance.
There are four dictionary words in this passphrase Allow*12Root(Logins)NOW! but it doesn't matter because you either get the whole thing or nothing. The password checkers referenced elsewhere in this thread give it 10/10. Attacking an sshd password is an online activity so, while I suppose it could be in a dictionary, this is a brilliant password; suitable for a user or for root. Even if it got guessed after a couple of hundred years you would be past caring! Debian's default of enabling root logins is sensible. How hard is it to change it should an administrator want to? What damage does it do if left as it is? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120730201745.GY6660@desktop