toor, like Tor, the leet hacker software. So it must be super secure.

That makes sense. It feels a bit mad that the difference between getting pwned super easy vs not is something simple like that. But also reassuring to know, cause I was wondering how I heard about so many hobbyist home labs etc getting compromised when it’d be pretty hard to obtain a reasonably secured private key (ie not uploaded onto the cloud or anything, not stored on an unencrypted drive that other people can easily access, etc). But if it’s just password logins that makes more sense.

How are people’s servers getting compromised? I’m no security expert (I’ve never worked in tech at all) and have a public VPS, never been compromised. Mainly just use SSH keys not passwords, I don’t do anything too crazy. Like if you have open SSH on port 22 with root login enabled and your root password is password123 then maybe but I’m surprised I’ve never been pwned if it’s so easy to get got…

Tbh it depends on who’s trying to break in and what their interest is in you. If it’s law enforcement, unless you’re of unique national significance (eg you assassinated the national leader, you whistleblew on some really sensitive documents, you did a huge terror attack), when law enforcement seize someone’s electronics and they can’t get in the usual ways they normally just give up. If you are uniquely wanted by the government they may try to torture the password out of you. But most likely they’ll decide it’s not worth the effort if they can’t break into it with their standard methods. As for non-state actors, yeah the hitting over the head with a wrench method is more likely, although I can’t think of why a non-governmental body would want to read the contents of your laptop so badly.