'According to data collected by Microsoft's network of honeypot servers, most brute-force attackers primarily attempt to guess short passwords, with very few attacks targeting credentials that are either long or contain complex characters. From a report: "I analysed the credentials entered from over -- million brute force attacks against SSH. This is around 30 days of data in Microsoft's sensor network," said Ross Bevington, a security researcher at Microsoft. "77% of attempts used a password between 1 and 7 characters. A password over 10 characters was only seen in 6% of cases," said Bevington, who works as Head of Deception at Microsoft, a position in which he's tasked with creating legitimate-looking honeypot systems in order to study attacker trends.' -- source: https://it.slashdot.org/story/21/11/22/2036243 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/