Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Secure Coding in PL/SQL"] [Next entry: "An Appreciation of Auditing and Securing Oracle"]

Oracle Database Passwords

I did a presentation in Slovenia in 2021 around Oracle database passwords and I have today just posted the MS PPT slide to our site - Oracle Database Passwords and we have also updated our Oracle Security white papers page to link to this presentation.

This is an interesting talk and focuses on all things database password. We first define the problem; this is easy; if you find a password or guess or crack a password its the easiest way to exploit a database. We don't then need clever hacks using SQL Injection or anything else; we just log in as the attacker.

The talk then goes on to discuss the password algorithms used in the database and how they work in detail. We then focus on cracking password or more importantly potentially how long can a password stand up to being attacked. We use an Excel spreadsheet to look at this and we can vary the length of the password and the character set used and work out how long the password would take to crack. Why do we do this? we need to know how long passwords can last so we can design password profiles and complexity functions. It is no use stating that a password life time is 180 days and then not enforcing passwords that can not be cracked in less than 180 days.

We discuss the security of passwords and their hashes, the design of profiles and also the use of password safes.

This is an interesting talk so please have a look at my slides

#oracleace #23c #oracle #database #password #security #cracking