Results 1 to 9 of 9

Thread: Password length

  1. #1
    Join Date
    Jun 2009
    Posts
    33

    Password length

    I was just a victim of a brute-force attack. It was on an experimental server, and so I had not locked things down like I normally do (change SSH port, use a firewall, disable root login from SSH, etc.)

    My password was only 8 characters long. What is a good size password that while still not foolproof, would be much more difficult to crack? How many characters does UNIX-based system allow?
    RTCubed Consulting, LLC - Software Engineering Services

  2. #2
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    My Root password is 19 characters long, though I'd imagine Linux can cope with much longer ones.

    Have you looked at certificate based authentication (for SSH connections)? I tried a while back (though not very hard) & couldn't get it working.

  3. #3
    Join Date
    Jul 2007
    Posts
    2,050
    I was once told by an ethical hacker that passwords should have minimum 15 characters as passwords up to 14 characters can be easily hacked by a technique called LM HASH. Can anybody confirm if it is true?
    Prashant T.

    Don't run after Success. Run after Excellence and Success will soon follow.

  4. #4
    I think it should more long upto more than 10 character long in length. As Long/complex passwords prevent bruteforce attacks, nothing more.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  5. #5
    Join Date
    Sep 2007
    Posts
    368

    *

    Quote Originally Posted by RandomLittleHost View Post
    My Root password is 19 characters long, though I'd imagine Linux can cope with much longer ones.

    Have you looked at certificate based authentication (for SSH connections)? I tried a while back (though not very hard) & couldn't get it working.
    Are you referring for ldap [SSL/TLS] base ssh auth?

  6. #6
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    No, I'm referring to certificate based authentication, public / private certificates are created on the server, one is installed on the client machine & set up in the SSH client.

    Sorry if my terminology's all wrong, not too clued up on such things, tried to get it working on my Putty client but couldn't.

  7. #7
    Join Date
    Sep 2007
    Posts
    368

    *

    Quote Originally Posted by RandomLittleHost View Post
    No, I'm referring to certificate based authentication, public / private certificates are created on the server, one is installed on the client machine & set up in the SSH client.

    Sorry if my terminology's all wrong, not too clued up on such things, tried to get it working on my Putty client but couldn't.

    I think you are referring to below topic

    http://www.cyberciti.biz/faq/ssh-pas...uthentication/

  8. #8
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,295
    That looks about right, it's a long time since I tried it, but might have another go now

  9. #9
    Join Date
    Sep 2007
    Posts
    368

Similar Threads

  1. Replies: 9
    Last Post: 11-26-2006, 12:08 PM
  2. Password Sentry:(Stops password sharing of your members area script)
    By radhika in forum Other Offers & Requests
    Replies: 0
    Last Post: 09-06-2004, 03:24 PM
  3. recommended length for windows password
    By kellyboyce in forum Hosting Security and Technology
    Replies: 2
    Last Post: 05-17-2004, 01:41 AM
  4. Replies: 5
    Last Post: 02-12-2003, 04:10 AM
  5. Replies: 0
    Last Post: 08-16-2002, 08:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •