Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Details of the Oracle password algorithm were revealed by its creator in 1993"] [Next entry: "A second thread on c.d.o.s. about the Oracle password algorithm"]

Red Database Security has released more Oracle password algorithm information

Alex has emailed me to let me know that he has updated his page Oracle Database Passwords to update the known details of checking Oracle database passwords based on the new password checker that he has released. He has updated the elapsed times needed to brute force each password of a number of characters. He has added links to his cracker (password checking tool) and also added some useful links at the end of the paper.

Alex has also craeted a new page titled "Oracle Password Checker (Cracker)" which details checkpwd his Oracle password cracker. As I said last night there are two versions of this cracker available. The first has a simple password list, the second a 1.5 million word list. Links are available on Alex's page and I have also added them to my Oracle Security Tools page. Alex gives examples of both methods of running the tool and also mentions that a Linux version will be available soon.