Ari,

If the algorithm is any good, the cracker should
find SHO3LAC3, as that is a weak password.

Unix crackers would pick this up.

Jared






"Ari Kaplan" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
 12/17/2002 10:44 AM
 Please respond to ORACLE-L

 
        To:     Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
        cc: 
        Subject:        RE: password


This program does not reverse-engineer or decrypt Oracle passwords. It does
a dictionary forward brute-force "hack". So, if the user's password is not
in the list of pre-defined words then the password is never revealed. This
just encourages DBAs to enforce password management. See the verify_function
for password management in Oracle for details.

For example, setting your password to "SHOELACE" would be detected by this
program, as it is in the English dictionary. "SH03LAC3" would not.

Basic rules of having a combination of characters, numbers, and punctuation
marks, and not writing your password on a slip of paper by your monitor, all
lead to a safe environment.

-Ari

-----Original Message-----
Carmichael
Sent: Tuesday, December 17, 2002 12:14 PM
To: Multiple recipients of list ORACLE-L


oh this is very scary.... especially that price

did you try out the demo? I'm still in "catch-up, deal with crises"
mode so I haven't had a chance

Rachel

--- [EMAIL PROTECTED] wrote:
> Hmm...
>
> Well maybe you *can* crack oracle passwords.
>
> I've just ordered the full version of this product.  ( $4, I don't
> think I need to bother the purchasing department ).
>
> I'll let you know how it works.
>
> Jared
>
>
>
>
>
> "Mark Leith" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
>  12/17/2002 06:23 AM
>  Please respond to ORACLE-L
>
>
>         To:     Multiple recipients of list ORACLE-L
> <[EMAIL PROTECTED]>
>         cc:
>         Subject:        RE: password
>
>
> Yes, you can do this, but it still doesn't tell you the user's *current*
> password does it?
>
> Has anyone tried:
>
> http://home.earthlink.net/~adamshalon/oracle_password_cracker/
>
> ?
>
> Mark
> -----Original Message-----
> Sent: 17 December 2002 13:59
> To: Multiple recipients of list ORACLE-L
>
>
> And you can use it to change it to your convenience and later
> get this encrypted password "IN" without the knowledge of
> the user..
>
> Regards
> Jai
>
>
>
> Paulo Gomes <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 12/17/02 06:08 PM
> Please respond to ORACLE-L
>
>         To:        Multiple recipients of list ORACLE-L
> <[EMAIL PROTECTED]>
>         cc:
>         Subject:        RE: password
>
>
>
> nope, you can get the encrypted password from the Oracle dictionary
> -----Original Message-----
> Sent: Tuesday, 17 December 2002 11:34
> To: Multiple recipients of list ORACLE-L
>
> Check the post-it note on their monitor?
>
> :)
> -----Original Message-----
> Sent: 17 December 2002 10:55
> To: Multiple recipients of list ORACLE-L
>
> he can't but he can change it to a new one and then put the old back on
> -----Original Message-----
> Sent: Tuesday, 17 December 2002 4:09
> To: Multiple recipients of list ORACLE-L
>
> how can a dba see the password of a user.
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Ari Kaplan
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
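
Added example, not part of the original thread and not code from any product mentioned in it: a password-policy check of the kind a verify function can apply, which rejects look-alike spellings together with the dictionary word they disguise (the "SHOELACE" versus "SH03LAC3" case discussed above). The word list, the substitution table and the function names are constructed for illustration.

```python
import itertools
import string

# Constructed sample word list; a real policy check would load a full dictionary.
WORDLIST = {"shoelace", "oracle", "welcome", "password"}

# Constructed table: look-alike character -> letters it commonly stands in for.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}


def plain_readings(text, limit=4096):
    """Return the plain-letter readings of `text` with look-alikes undone.

    Characters with several readings (1 -> i or l) multiply the candidates,
    so the number generated is capped at `limit`.
    """
    options = [LEET.get(ch, ch) for ch in text]
    combos = itertools.product(*options)
    return {"".join(c) for c in itertools.islice(combos, limit)}


def weak_reason(password, wordlist=WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    lowered = password.lower()
    # Also test with digits and punctuation trimmed from both ends,
    # which covers padded words such as "Shoelace1!".
    trimmed = lowered.strip(string.digits + string.punctuation)
    for variant in (lowered, trimmed):
        for reading in plain_readings(variant):
            if reading in wordlist:
                return reading
    return None


if __name__ == "__main__":
    # Constructed sample passwords, including both spellings from the thread.
    for pw in ("SHOELACE", "SH03LAC3", "SHO3LAC3", "Shoelace1!", "Tr7#kq9Zp"):
        word = weak_reason(pw)
        verdict = "reject (reads as '%s')" % word if word else "no dictionary match"
        print("%-12s %s" % (pw, verdict))
```
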



