60 million password hashes/second Oracle password cracker available
October 5th, 2009 by Pete

I first chatted to Dennis Yurichev probably around a couple of years ago about his efforts to make an FPGA password cracker. We exchanged numerous emails and I think, without checking back, he had one FPGA cracker working that did 76 million hashes per second. Well, Dennis has finally finished up his cracker and has added a web-based front end to the hardware that is accessible from his website. Dennis emailed me this morning to test it out, but when I tried, unluckily he had a power outage. Now his site is back up and you can go there and submit Oracle usernames and password hashes to be queued to run on the hardware. I submitted a user "DY" with a password of GH56BG8.
The FPGA cracker is available at Dennis's site; simply cut and paste the username and the hash into the boxes on the screen, and Dennis queues the job to run on the cracker. The screen updates to give you progress.
Here is a look at the cracker running:

The Oracle RDBMS passwords solver page gives some details; make sure that you don't post production passwords/hashes, as these will be displayed publicly.
Nice site Dennis, it will be interesting to see how much it gets used.



October 5th, 2009 at 01:40 pm
Dennis Yurichev says:
Needless to say, it is currently working only in the A-Z password range, for the sake of demonstration speed. The full A-Z0-9#$_ range will demand 16.5 hours.