
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Oracle password crackers



Whilst we are on the subject of Oracle password crackers, it's worth mentioning the other available options (apart from the commercial ones, of course). There are other tools with built-in Oracle password crackers. Alex's paper from my post "checkpwd Oracle password cracker now supports multi-core CPU's" has a nice performance comparison for various crackers.

Two other possible crackers are worth a look. The first is "John the Ripper", which has a module available for the Oracle password algorithm. I mentioned this over a year ago in a post titled "Full disclosure list: Summary of the password algorithm and a C code plug-in for John The Ripper password cracker".

The other tool worth a mention is Cain and Abel (http://www.oxid.it/cain.html, broken link), which I also mentioned almost two years ago in a post titled "Great tool for security checking a PC". Version 3.3 also includes an Oracle password module. This is a good security tool and it should be in every DBA's toolkit.

Of course, the final option for creating a great Oracle password cracker for your own use is to write your own. The algorithm is public now and the code for John the Ripper above shows how to implement it. If you want a password cracker to work to your own rules or styles then write it in C. This book is The Bible for C.