Subj : Re: Nightmares / Dreams
To   : McDoob
From : Andre
Date : Thu Mar 31 2022 19:30:53

 Mc> At the very least, brute-force attacks are still a thing. There's only so
 Mc> many characters in a single password. 

Assuming that someone doesn't use a cert (which I said they should) or MFA (also said they should), then password managers do the trick just fine.

Speaking as someone who has purchased more than one $20k password cracking rig, unless you're sharing passwords with a site that got hacked, it's not easy to crack a long password.

Using a randomly generated numbers/uppercase/symbols 30-char password, two websites just estimated brute force cracking to take:

  Password: hn,qJ-wJ_ZBErvKi#yzPU*~&ACCryC
  Site 1: 2 hundred trillion trillion trillion years
  Site 2: 1.769583131372137e+42 years

  Passprase: CoalWinterNowadaysLeftMiddle
  Site 1: 8 thousand years
  Site 2: 1.2651120242302712e+31 years


So no. Still not a concern. Disclaimer: I don't expose my host OS SSH globally. I do use SSH to the BBS because that's totally normal and preferred to telnet.


- Andre
--- SBBSecho 3.15-Linux
 * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

.