Comment 1 for bug 58074

Martin Pitt (pitti) wrote : Re: [Bug 58074] sshd hacked in only 50,000 tries

 status needsinfo

Hi,

Brian Visel [2006-08-29 6:51 -0000]:
> I hadn't changed the root password from initial install - I just use
> sudo.

The default install disables the root account completely. It is just
active if you did an expert installation or manually set it after
installation.

> Each character of a password is one of over 60 possibilities.
>
> ..so a 3-character password entails over 200,000 possibilities.
> ..which gives them a 23% chance of having cracked my system in the
> number of tries they did - if it was a 3-character password. 4
> character password makes it a .3% chance. 5 character password
> makes it a .00006% chance. You get the picture.

These figures do not reflect reality. Even though passwords aren't
(or, rather, shouldn't be) real language words, they still usually
contain parts of words. Due to character probabilities depending on
each other and passwords being based on dictionary words (see john)
you usually have a heavily inhomogeneous distribution. It is usually
not a problem at all to crack a password of 6 or fewer characters.

> ..why was my system hacked in only ~50,000 tries? ..my own idiocy
> aside -- Is there a bug in openssh-server, or some other
> vulnerability I don't know about? ..if so, is there a patch coming
> out soon?

There is probably no bug. First, we need to track down your situation:

 * Did you do an expert install or set the root password explicitly
   after installation?

 * How long is the password? Can you post it here? (Since I guess that
   you changed it after the attack anyway)
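An added example, not part of this bug thread, that reproduces the uniform-keyspace arithmetic quoted above and shows how the same 50,000 guesses fare against a smaller effective keyspace, which is the substance of the reply. The alphabet size of 60 comes from the report; the entropy values used for the effective-keyspace comparison are assumptions for illustration, not measurements of real password distributions.

```python
"""Online password-guessing success probability.

Added example: compares the uniform-keyspace model from the report with a
smaller effective keyspace expressed in entropy bits.
"""
import math


def uniform_keyspace(alphabet_size: int, length: int) -> int:
    """Number of equally likely passwords of exactly `length` characters."""
    return alphabet_size ** length


def guess_probability(tries: int, keyspace: int) -> float:
    """Chance that `tries` distinct guesses hit a password drawn uniformly
    from `keyspace` candidates (capped at 1.0 once every candidate is tried)."""
    if keyspace <= 0:
        raise ValueError("keyspace must be positive")
    return min(1.0, tries / keyspace)


def keyspace_from_bits(entropy_bits: float) -> int:
    """Effective keyspace of a password distribution with the given entropy:
    2**bits is the size of a uniform set of equal guessing difficulty."""
    return int(round(2 ** entropy_bits))


def tries_for_success(p: float, keyspace: int) -> int:
    """Guesses needed to reach success probability p against a uniform keyspace."""
    return math.ceil(p * keyspace)


if __name__ == "__main__":
    TRIES = 50_000    # number of attempts stated in the report
    ALPHABET = 60     # "over 60 possibilities" per character, per the report
    for length in (3, 4, 5, 6):
        ks = uniform_keyspace(ALPHABET, length)
        print(f"{length} chars, uniform model: {guess_probability(TRIES, ks):.6%}")
    # Assumed (illustrative) effective entropies for non-uniform passwords.
    for bits in (16, 20, 28):
        ks = keyspace_from_bits(bits)
        print(f"{bits}-bit effective keyspace: {guess_probability(TRIES, ks):.2%} "
              f"after {TRIES} tries; 50% reached at {tries_for_success(0.5, ks)} tries")
```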