A recently disclosed bug in OpenSSH software allows attackers to make thousands of password guesses in a short period of time. The vulnerability allows them to try many more candidates than they otherwise would, researcher says. Attackers can use the bug to try thousands of passwords during an open login window, which by default lasts two minutes. People who rely on the software should take the time to ensure that they’re using a cryptographic key pair that’s at least 2,048 bits in length, expert says.”]