Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Belated Christmas wishes and a happy new year to all readers"] [Next entry: "Training in York, England and Washington DC and adverts"]

Hiding password hashes and a new sha1 Oracle password cracker



There was a good blog post titled "The need to ensure that hashed password values are safe" picked up via my Oracle blogs aggregator that discusses Dennis's FPGA cracker and also the importance of not letting the password hashes out of your site.

Laszlo also emailed me today to let me know about Marcell Major's new brute force password cracker for databases that uses the CUDA framework for NVIDIA GPU's to implement the SHA1 algorithm for Oracle 11g database passwords and also SQL Server passwords. The cracker allows a password file to be used and also implements session handling so it can be easily used on security audits of databases. The cudadbcracker page is here and the cudadbcracker binary is here and the cudadbcracker course code released under GPLv3 is here.