lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 1 Oct 2008 11:37:51 -0000
From: pete@...efinnigan.com
To: bugtraq@...urityfocus.com
Subject: Oracle Password Cracker written in PL/SQL

Hi Guys, 

I have just released a free Oracle password cracker written completely in PL/SQL on my website. The reason for doing this is to try and encourage people to "test" passwords for strength in their own databases. I am not seeing any real improvements in password strength generally across the industry over the last 8 years. 

It is not the intention to replace the fast C based crackers such as woraauthbf but instead to suppliment it. In my experience I find that people have not covered the bases yet, that is they still have passwords set to usernames, passwords set to defaults and also extremely weak passwords. 

I often suggest to people to download binary based crackers but there is often a reticence to do this. Hence I decided to create a PL/SQL based one. This way there is no excuse, its a SQL script that can be run in SQL*Plus and also its going to find the core issues anyway before you need a faster cracker. 

Some details on how it works and what it does are included in the page http://www.petefinnigan.com/oracle_password_cracker.htm for the cracker. You can also download it from the same page. 

hope its useful 

cheers 

Pete

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ