I think it's 26^6
There is a big difference between 26^6 and 6^26
let's keep the fun :)
Waleed
-----Original Message-----
Sent: Tuesday, December 17, 2002 3:20 PM
To: Multiple recipients of list ORACLE-L
I used to work as a Unix security admin and would frequently run
password "cracking" programs against our password files.
We found that the really weak passwords were found in the first 5
minutes, ones derived from info in the gecos fields. Better ones, using
number/letter substitutions in common dictionary words, would be found
in the next day or so. We stopped running after 48 hours. We never
found that brute force iteration was worthwhile.
Consider the following if you are thinking of using a totally brute
force approach and trying all possible combinations. I needed a break
this afternoon...
Assumptions: All passwords are 6 characters long and all characters are
upper case.
There are 6^26=170,581,728,179,578,208,256 possible passwords
If you can attack 100,000,000 passwords per second you will need
(6^26)/100,000,000 = 1,705,817,281,795 seconds.
1,705,817,281,795s * 1h/3600s = 473,838,133 hours
473,838,133,832h * 1d/24h = 19,743,255 days
19,743,255,576d * 1y/365d = 54,091 years
If we add the condition that passwords can be upper and lower case then
there are 6^26 possible passwords and the time to attack all possible
combinations becomes: 9.226E24 years.
Back to work now :)
--
Paul
-----Original Message-----
Waleed
Sent: Tuesday, December 17, 2002 2:16 PM
To: Multiple recipients of list ORACLE-L
It's one way encryption. So you can loop on all the permutation for
AAAAAA to ZZZZZZ and apply the encryption code and compare the output
to the dictionary content. If it matches, then you got the password.
I thought about doing this five years ago, but decided against it.
I thought I will be under the hackers, virus developers groups.
Regards,
Waleed
-----Original Message-----
Sent: Tuesday, December 17, 2002 12:04 PM
To: Multiple recipients of list ORACLE-L
How, Oracle does not publish the password encryption algorithm, and I
don't believe anyone has cracked it.
Jared
Paulo Gomes <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
12/17/2002 04:38 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L
<[EMAIL PROTECTED]>
cc:
Subject: RE: password
nope u can get the encripted password from the oracle dictionáry
-----Original Message-----
Sent: terça-feira, 17 de Dezembro de 2002 11:34
To: Multiple recipients of list ORACLE-L
Check the post-it note on their monitor?
:)
-----Original Message-----
Sent: 17 December 2002 10:55
To: Multiple recipients of list ORACLE-L
he can't but he can change it to a new one and then put the old back on
-----Original Message-----
Sent: terça-feira, 17 de Dezembro de 2002 4:09
To: Multiple recipients of list ORACLE-L
how can a dba see the password of a user.
The new MSN 8: smart spam protection and 2 months FREE* -- Please see
the official
ORACLE-L FAQ: http://www.orafaq.com -- Author: faisal ahmad INET:
[EMAIL PROTECTED] Fat City Network
Services -- 858-538-5051 http://www.fatcity.com San Diego, California --
Mailing list and web hosting services
--------------------------------------------------------------------- To
REMOVE yourself from this mailing list, send an E-Mail message to:
[EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Khedr, Waleed
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Paul Heely
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Khedr, Waleed
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
