
Pete Finnigan's Oracle security weblog



Dennis has released a paper describing his FPGA cracker

December 7th, 2009 by Pete


I got an email from Dennis Yurichev at the beginning of last week with an article he has written about his FPGA-based password cracker, explaining how he created it, what tools and hardware are used and how, at a high level, the algorithms have been implemented. Dennis's paper, titled "How to create FPGA-based Oracle RDBMS cracker that works in average 30-40 times faster [1] than password crackers on Intel Core Duo 2.", is available to read and is very interesting.

There have been 2 comments posted on this article


December 7th, 2009 at 05:34 pm

Alexander Kornbrust says:

Hi Pete

I blogged already yesterday about this FPGA paper. There is a small but important flaw in the implementation. Passwords starting with a number (alter user alex identified by "1") are not found. Dennis confirmed this issue.

Details can be found in my blog (http://blog.red-database-security.com/2009/12/06/dennis-yurichev-wrote-an-article-about-his-fpga-oracle-password-cracker/).

Regards

Alexander

--
Red-Database-Security GmbH



December 14th, 2009 at 10:48 am

Pete says:

Hi Alex,

Thanks for the comment, I was aware of this already when I tested it. At the time as Dennis had limited the character set and also the length it was relevant but sort of a side issue if you were not allowed to use the complete character set to create a password starting with a digit (i.e. encase the password in quotes) then it was true but didn't help a lot.

The upside is most sites don't have passwords using digits as the first character or extended characters above a-z0-9_#$, thanks for the comment though, sorry for the delayed response I have been working away.

cheers

Pete



This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
