There was a good blog post titled "The need to ensure that hashed password values are safe" picked up via my Oracle blogs aggregator that discusses Dennis's FPGA cracker and also the importance of not letting the password hashes out of your site.
Laszlo also emailed me today to let me know about http://marcellmajor.com/ - (broken link) Marcell Major's new brute force password cracker for databases that uses the CUDA framework for NVIDIA GPU's to implement the SHA1 algorithm for Oracle 11g database passwords and also SQL Server passwords. The cracker allows a password file to be used and also implements session handling so it can be easily used on security audits of databases. The http://marcellmajor.com/frame_cudadbcracker.html - (broken link) cudadbcracker page is here and the http://marcellmajor.com/cudadbcracker_binaries.zip - (broken link) cudadbcracker binary is here and the http://marcellmajor.com/cudadbcracker_source.zip - (broken link) cudadbcracker course code released under GPLv3 is here.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Belated Christmas wishes and a happy new year to all readers"] [Next entry: "Training in York, England and Washington DC and adverts"]
January 2010
- Hiding password hashes and a new sha1 Oracle password cracker - 01/04/2010 by 01/04/2010
- Training in York, England and Washington DC and adverts - 01/05/2010 by 01/05/2010
- Conferences, webinars, trainings, new training dates..... - 01/19/2010 by 01/19/2010
- Two new Oracle root kits - 01/20/2010 by 01/20/2010
Archives
Syndication
Powered by gm-rss 2.0.0
