This is what I would like to know. If strong ssh passwords can be broken then there is a bigger issue than just turn off ssh password log in.

I am pretty sure that 16 character random passwords are safe from dictionary attacks, and I suspect you and I are using the same process for protecting these passwords. tptacek is leary of our process while you and I are leary of the certs getting out of our control without our knowledge. Security is a handful of trade offs.