Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Belated Christmas wishes and a happy new year to all readers"] [Next entry: "Training in York, England and Washington DC and adverts"]

Hiding password hashes and a new sha1 Oracle password cracker

There was a good blog post titled "The need to ensure that hashed password values are safe" picked up via my Oracle blogs aggregator that discusses Dennis's FPGA cracker and also the importance of not letting the password hashes out of your site.

Laszlo also emailed me today to let me know about - (broken link) Marcell Major's new brute force password cracker for databases that uses the CUDA framework for NVIDIA GPU's to implement the SHA1 algorithm for Oracle 11g database passwords and also SQL Server passwords. The cracker allows a password file to be used and also implements session handling so it can be easily used on security audits of databases. The - (broken link) cudadbcracker page is here and the - (broken link) cudadbcracker binary is here and the - (broken link) cudadbcracker course code released under GPLv3 is here.