SSH hacked?

Brian ad44 at cityscape.co.uk
Wed Jan 14 11:14:24 UTC 2009


On Wed 14 Jan 2009 at 12:03:20 +1000, Res wrote:

> love to know who does your math :)

There are about 70 alphabetic, numerical and other symbols which could
be chosen. A 20 character password has 10^36 combinations. At 1 per
second it would take 10^29 years to list them. We'll be generous and
allow a bot not to have to consider passwords with 19 characters or
fewer, to know a username, make 1000 attempts per second and have a
successful outcome after testing 1% of the possibilities. It has in the
region of 10^24 years of work ahead.

Reducing the annoyance of bot probing with fail2ban, denyhosts or a port
knocking technique is something to consider. It does not enhance
security though.



