Oracle 11g Password Cracker

Oracle 11g password algorithm is revealed. It’s based on SHA-1. The Hacker’s Choice (THC) says:

vonjeek/THC is proud to release the first full blown cracker for Oracle 11g. This tool can crack passwords which are encrypted using Oracle’s latest SHA1 based password protection algorithm.

You can download vonjeek/THC tool here. This page has an interesting title: “unbreakable” Oracle uncertified associate.

Also there is story on Pete Finnigan’s Oracle security weblog (here).

2 Responses

  1. Marko

    I haven’t done with Oracle yet, but it sounds very interesting. I wonder, does 77 times less possibilities means enough improvement? Perhaps, the main problem lies in SHA1 algorithm?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.