Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Secure Passwords Keep You Safer"] [Next entry: "checkpwd has been updated to 1.22 and is around 30% faster"]

Oracle password crackers just got faster

Alex made me aware of a nice article on Intel's work on tuning the already fast openssl cryptographic libraries. The paper is written by Muneesh Nagpal, server applications engineer, Core Software Division; Gururaj Nagendra, senior software engineer and architect, Software Products Division, SSG; and Alexey Omeltchenko, software engineer, Software Enabling Division, Intel Corp.

The article is titled "Boosting cryptography performance with Intel libraries" and a preview is here:

"This simple optimization walk-through improves an already-optimized sample OpenSSL application's performance by 35 percent using IntelĀ® cryptography library functions. With the increase in e-commerce and other transactions in enterprise applications, the demand for higher-performing, secure, and scalable communications is on the rise. From a hardware perspective, as the communication load increases, load balancing is typically accomplished by adding more processors."

Why is this of interest to us Oracle security types? - well because the current crop of Oracle password crackers are cracking DES and some like orabf and checkpwd use openssl. This means that Oracle password crackers will run around 40% faster simply by recompiling or relinking.