| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Oct 2008 12:38:02 +0100 From: Pete Finnigan <pete@...efinnigan.com> To: full-disclosure@...ts.grok.org.uk Subject: Oracle password cracker written in PL/SQL Hi Guys, I have just released a free Oracle password cracker written completely in PL/SQL on my website. The reason for doing this is to try and encourage people to "test" passwords for strength in their own databases. I am not seeing any real improvements in password strength generally across the industry over the last 8 years. It is not the intention to replace the fast C based crackers such as woraauthbf but instead to suppliment it. In my experience I find that people have not covered the bases yet, that is they still have passwords set to usernames, passwords set to defaults and also extremely weak passwords. I often suggest to people to download binary based crackers but there is often a reticence to do this. Hence I decided to create a PL/SQL based one. This way there is no excuse, its a SQL script that can be run in SQL*Plus and also its going to find the core issues anyway before you need a faster cracker. Some details on how it works and what it does are included in the page http://www.petefinnigan.com/oracle_password_cracker.htm for the cracker. You can also download it from the same page. hope its useful cheers Pete -- Pete Finnigan Principal Consultant PeteFinnigan.com Limited _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists