Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 57 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » November 2006 » Oracle password crackers

[Previous entry: "There is a newer version of the orabf Oracle password cracker available"] [Next entry: "10gR2 and failed_login_attempts"]

Oracle password crackers

November 6th, 2006 by Pete

Whilst we are on the subject of Oracle password crackers its worth mentioning the other available options (apart from the commercial ones of course). There are other tools with built in Oracle password crackers. Alex paper from my post "checkpwd Oracle password cracker now supports multi-core CPU's" has a nice performance comparison for various crackers.

Two other possible crackers are "John the Ripper" that has a module available for the Oracle password algorithm. This I mentioned in a post titled "Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker" over a year ago.

The other tool worth a mention is Cain and Abel which I also mentioned almost two years ago in a post titled "Great tool for security checking a PC". Version 3.3 also includes an Oracle password module. This is a good security tool and it should be in every DBA's toolkit.

Of course the final option ofr creating a great Oracle password cracker for your own use is to write your own. The algorithm is public now and the coed for John the Ripper above shows how to implement it. If you want a password cracker to work to your own rules or styles then write it in C. This book is The Bible for C.

November 2006

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!