Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Britain's hi-tech crime wave"] [Next entry: "Changed my RSS feed to spit out the first 20 words and a link to the entry"]

An interesting alternative technique to crack passwords

I was asked this afternoon what experience I had with DPA. My first guess was none as I didn't know what it meant. So I used good ol google to have a look. I pulled up a good short news article that I found titled - (broken link) Company to license device-security tools. It was published some time back, April 18 2004 to be exact and was written by Michael Kanellos. The item and the technique of DPA is very interesting so I thought I would share it here. DPA stands for Differential Power Analysis and is a technique whereby a hacker monitors variations in electrical consumption of a card that performs encryption functions. He can then do a reverse analysis to discover the passwords being used. This type of attack was found in the 90's according to this news item. This is a very interesting technique and a company called Cryptography Research has taken out more than 60 patents for technology to protect against this type of attack. There is another link in this article to another about - (broken link) differential power analysis that explains the technique in a little more detail. I am not sure that this could ever apply to an Oracle database but I suppose you should never underestimate the levels to which someone can go to hack your database.