Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: password

RE: password

From: david hill <david.hill_at_lechateau.ca>
Date: Tue, 17 Dec 2002 14:01:27 -0800
Message-ID: <F001.0051BFED.20021217140127@fatcity.com> 





This works too


A password calculator


http://lastbit.com/pswcalc.asp




-----Original Message-----



Sent: Tuesday, December 17, 2002 4:19 PM
To: Multiple recipients of list ORACLE-L



UGH!  Should have been 26^6 possible passwords NOT 6^26!



So...  Ignore my previous math.  Have to go now.....  Hanging head in
mathematical shame.



Correct times for all uppercase: 3 seconds



Correct times for upper and lower: 3.2 minutes



Now if I can only find the machine to do 100,000,000 attacks/s.



--



Paul




-----Original Message-----



Sent: Tuesday, December 17, 2002 3:20 PM
To: Multiple recipients of list ORACLE-L




I used to work as a Unix security admin and would frequently run
password "cracking" programs against our password files.  



We found that the really weak passwords were found in the first 5
minutes, ones derived from info in the gecos fields.  Better ones, using
number/letter substitutions in common dictionary words, would be found
in the next day or so.  We stopped running after 48 hours.  We never
found that brute force iteration was worthwhile.



Consider the following if you are thinking of using a totally brute
force approach and trying all possible combinations.  I needed a break
this afternoon...



Assumptions:  All passwords are 6 characters long and all characters are
upper case. There are 6^26=170,581,728,179,578,208,256 possible
passwords If you can attack 100,000,000 passwords per second you will
need 


(6^26)/100,000,000 = 1,705,817,281,795 seconds. 1,705,817,281,795s *
1h/3600s = 473,838,133 hours 473,838,133,832h * 1d/24h = 19,743,255 days
19,743,255,576d * 1y/365d = 54,091 years



If we add the condition that passwords can be upper and lower case then
there are 6^26 possible passwords and the time to attack all possible
combinations becomes: 9.226E24 years.



Back to work now :)


--



Paul






-----Original Message-----



Waleed


Sent: Tuesday, December 17, 2002 2:16 PM
To: Multiple recipients of list ORACLE-L




It's one way encryption. So you can loop on all the permutation for
AAAAAA to ZZZZZZ  and apply the encryption code and compare the output
to the dictionary content. If it matches, then you got the password.



I thought about doing this five years ago, but decided against it.



I thought I will be under the hackers, virus developers groups.



Regards,


Waleed



-----Original Message-----



Sent: Tuesday, December 17, 2002 12:04 PM
To: Multiple recipients of list ORACLE-L




How, Oracle does not publish the password encryption algorithm, and I
don't believe anyone has cracked it.



Jared








Paulo Gomes <PGomes_at_Datinfor.pt>


Sent by: root_at_fatcity.com


 12/17/2002 04:38 AM


 Please respond to ORACLE-L

 


        To:     Multiple recipients of list ORACLE-L
<ORACLE-L_at_fatcity.com>

        cc: 
        Subject:        RE: password






nope u can get the encripted password from the oracle dictionáry


-----Original Message-----



Sent: terça-feira, 17 de Dezembro de 2002 11:34
To: Multiple recipients of list ORACLE-L



Check the post-it note on their monitor? 
 


:)


-----Original Message-----



Sent: 17 December 2002 10:55


To: Multiple recipients of list ORACLE-L



he can't but he can change it to a new one and then put the old back on


-----Original Message-----



Sent: terça-feira, 17 de Dezembro de 2002 4:09
To: Multiple recipients of list ORACLE-L



how can a dba see the password of a user.



The new MSN 8: smart spam protection and 2 months FREE* -- Please see
the official 


ORACLE-L FAQ: http://www.orafaq.com -- Author: faisal ahmad INET:
faisalahmad4u_at_hotmail.com Fat City Network 
Services -- 858-538-5051 http://www.fatcity.com San Diego, California --
Mailing list and web hosting services 


--------------------------------------------------------------------- To




REMOVE yourself from this mailing list, send an E-Mail message to: 
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the 
message BODY, include a line containing: UNSUB ORACLE-L (or the name of 
mailing list you want to be removed from). You may also send the HELP 
command for other information (like subscribing). 




-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: Jared.Still_at_radisys.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from).  You may also send the HELP
command for other information (like subscribing).


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Khedr, Waleed


  INET: Waleed.Khedr_at_FMR.COM


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from).  You may also send the HELP
command for other information (like subscribing).



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Paul Heely


  INET: pheely_at_progeny.net


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from).  You may also send the HELP
command for other information (like subscribing).



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Paul Heely


  INET: pheely_at_progeny.net


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: david hill


  INET: david.hill_at_lechateau.ca


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Dec 17 2002 - 16:01:27 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US