Re: Linux Password Cracking

From: Chris Cox (ccox_nopenotthis_at_airmail.net)
Date: 08/08/03


Date: Thu, 07 Aug 2003 17:16:37 -0500

Wolfgang Fischer wrote:
> On Wed, 06 Aug 2003 18:24:18 +0300, Timo Voipio wrote:
>
>
>>If there was a remote program to crack the box the box would be
>>insecure.
>
>
> You can try to login via telnet/ssh again and again to check thousands of
> passwords. However, this will only work with __very__ insecure passwords.

On any default config even, this will be a painfully slow process.
However, if you have... let's say... 10-15 years.. you can probably
crack one 6 character password or two.

A reasonable secure config will start blocking by IP which could extend
the amount of time well into the 1,000's of years.