On Tue, 2008-06-03 at 10:21 +0800, jam wrote:
> On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote:
> > [...]
> >
> > > The server had ssh access enabled via password entry and fell victim
> > > to a brute force password attack.
>
> First thanks to everyone who contributed to this interesting thread :-)
>
> Some (and this is critique :-) not criticism) had credible offers eg Mary and
> turning sendmail into an open relay, but many just had a BadThing happen.
>
> Daniel talks about 'brute forcing' a password:
> say [EMAIL PROTECTED]&*()_/?] and 6 chars passwords
>
> 6**70 umm 70 * log (2) and 10**8 brute forces / sec

I think you mean the much more sedate number of 70^6 combinations. At
10^8 tests per sec, that's a much scarier (70^6)/(10^8) = 1176.5 secs,
or under 20 mins to check the entire password space.

Fortunately, external brute-force testing of passwords doesn't typically
run to anything like that many tests per second!

J.
-- 
Jan Schmidt <[EMAIL PROTECTED]>

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html