Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A nice fix for the "Overwrite any file via desname in Oracle Reports" bug"] [Next entry: "Oracle Proxy Users"]

Some testing of orabf (Oracle password cracker) speed by Marcel-Jan

Marcel-Jan has posted an interesting analysis of timings of toolcrypts orabf Oracle password cracker on my Oracle security forum. Marcel-Jan has worked out the order that the brute force passwords are work through and done some timings for finding every password for particular length passwords (up to 8 characters). he has used passwords of ZZZZZZZZ. He used Z's as this ensured that all passwords are worked through first. The 8 character password took 4 days, 9 hours, 12 minutes and 38 seconds. Bear in mind that this are pure ascii passwords and passwords including numbers (digits) or special characters _#& would take much longer. And passwords using the whole keyspace would take even longer.

This means that to ensure that you have harder passwords to crack you need to use digits and special characters or ideally the whole key space for your passwords.

The thread is titled "Toolcrypt's orabf" and the post is at the end.