Pete Finnigan's Oracle Security Weblog

Whilst we are on the subject of Oracle password crackers its worth mentioning the other available options (apart from the commercial ones of course). There are other tools with built in Oracle password crackers. Alex paper from my post "checkpwd Oracle password cracker now supports multi-core CPU's" has a nice performance comparison for various crackers.

Two other possible crackers are "John the Ripper" that has a module available for the Oracle password algorithm. This I mentioned in a post titled "Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker" over a year ago.

The other tool worth a mention is http://www.oxid.it/cain.html - (broken link) Cain and Abel which I also mentioned almost two years ago in a post titled "Great tool for security checking a PC". Version 3.3 also includes an Oracle password module. This is a good security tool and it should be in every DBA's toolkit.

Of course the final option ofr creating a great Oracle password cracker for your own use is to write your own. The algorithm is public now and the coed for John the Ripper above shows how to implement it. If you want a password cracker to work to your own rules or styles then write it in C. This book is The Bible for C.