[Techtalk] thoughts on OpenSSH key passphrase/ no passphrase

Mary mary-linuxchix at puzzling.org
Fri Dec 2 07:48:08 EST 2005


On Thu, Dec 01, 2005, Wim De Smet wrote:
> What I have been told (and is probably true) is that the protection
> from the passphrase is rather weak (as in crackable on consumer grade
> hardware).

It depends on the passphrase. There's a reason they use the term
"phrase" rather than "word": a *password* (or short passphrase in
general) is easily crackable. The cracking method is brute force: it
just tries password after password, with a bias towards passwords that
people are more likely to choose (real words, numbers that are valid
dates, real words with l turned into 1, real words with a number on the
end...). Meaningful phrases, particularly phrases from books or songs,
are also relatively attackable. Since hardware is fast and getting
faster this makes cracking faster and faster.

Here's a guide to estimating the strength of your passphrase, so that it
would take about a year to break:
http://www.iusmentis.com/security/passphrasefaq/strength/#Howstrongismypassphrase

There are some guides to various factors that make it a bit harder to
crack at
http://www.iusmentis.com/security/passphrasefaq/practical/

-Mary
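
Added example, not part of the original message and not the method of the linked guide: a small strength check that compares a naive per-character entropy estimate with one that assumes the guesser tries dictionary words, l-to-1 style swaps and trailing digits first, as described above. The word list, the guess rate, the dictionary sizes and all function names are assumptions chosen for illustration.

```python
import math

# Constructed stand-in for a cracking dictionary; real ones hold far more words.
WORDS = {"linux", "penguin", "password", "dragon", "summer"}
UNLEET = str.maketrans("1043", "loea")   # undo swaps such as l -> 1
GUESSES_PER_SEC = 1e6    # assumed attacker speed, not a figure from the post
DICT_SIZE = 100_000      # assumed size of the attacker's word list
YEAR = 365 * 24 * 3600

def naive_bits(p):
    """Entropy if each character were picked at random from the classes used."""
    pool = (26 * any(c.islower() for c in p) + 26 * any(c.isupper() for c in p)
            + 10 * any(c.isdigit() for c in p)
            + 33 * any(not c.isalnum() for c in p))
    return len(p) * math.log2(pool) if pool else 0.0

def biased_bits(p):
    """Entropy against a guesser that tries word + swaps + trailing digits first."""
    core = p.rstrip("0123456789")
    word = core.lower().translate(UNLEET)
    if word not in WORDS:
        return naive_bits(p)
    bits = math.log2(DICT_SIZE) + (len(p) - len(core)) * math.log2(10)
    return bits + (1 if word != core.lower() else 0)   # one bit: swapped or not

def avg_seconds(bits, rate=GUESSES_PER_SEC):
    """Average time to hit the right guess: half the search space."""
    return 2 ** bits / (2 * rate)

def words_needed(list_size=7776, seconds=YEAR, rate=GUESSES_PER_SEC):
    """Randomly chosen words needed to hold out for `seconds` on average."""
    need = math.log2(2 * rate * seconds)
    return math.ceil(need / math.log2(list_size))

if __name__ == "__main__":
    for p in ("1inux2005", "x7#Qm2!vLp"):
        print(p, round(naive_bits(p), 1), round(biased_bits(p), 1),
              f"{avg_seconds(biased_bits(p)):.3g} s")
    print("random words for a year:", words_needed())
```

Under these assumptions "1inux2005" looks like more than a year of work by the naive count but falls in about a quarter of an hour to a word-plus-digits guesser.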

