Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle password crackers just got faster"] [Next entry: "Transparent Data Encryption (TDE) certified for Apps 11i"]

checkpwd has been updated to 1.22 and is around 30% faster

Alex has just released an update to his excellent Oracle dictionary passwod cracker. Oracle Password Checker (Cracker) is updated to version 1.22. This version has been compiled against the Intel tuned openssl libraries that I talked about the other day. This has made checkpwd around 30% faster. Checkpwd can be used on Linux or Windows. It can also be used standalone (without an Oracle client) and with an Oracle client so that it can connect to the database and extract the usernames and hashes to be cracked.

Alex has also updated his page Benchmark Oracle Password Cracker which shows some benchmark tests of the most popular Oracle password crackers available. This page makes interesting reading. orabf is shown to blow all away on its brute force timings but is slower in dictionary mode. I emailed orabf's author the other day to point out the intel tuning in openssl, i hope that he will respond with a recompiled orabf.