Oracle 11g password algorithm is revealed. It’s based on SHA-1. The Hacker’s Choice (THC) says:
vonjeek/THC is proud to release the first full blown cracker for Oracle 11g. This tool can crack passwords which are encrypted using Oracle’s latest SHA1 based password protection algorithm.
You can download vonjeek/THC tool here. This page has an interesting title: “unbreakable” Oracle uncertified associate.
Also there is story on Pete Finnigan’s Oracle security weblog (here).