Oracle Passwords

There's a article discussing how you can crack an Oracle password in about 4 minutes. I've scanned the article and Oracle's password system isn't as bad as I might have thought, but it's pretty bad. The big no-nos was using the user name as the salt (instead of a random value) and forcing the password to uppercase. This greatly simplifies the process of find the password through brute force.
I like bashing Oracle, since:
  • When I first encountered Oracle I had to write connectivity in C++ to get to Oracle (back in 94 or so). I had already done the connectivity to DB-Library and to ODBC and found Oracle's the most problematic.
  • Oracle makes the most money of any database out there yet their documentation is rather pathetic.
  • Postgres is better on low end (say 2 processor) machines than Oracle.
  • Oracle's PL/SQL compiler is often useless for finding errors.
  • Oracle's error messages are often useless for finding errors in SQL as well (like which column is wrong).
  • They're salespeople are great at FUD.
So I think it's great that their passwords are so weak, it's quite embarrasing for them.

Comments

Post a Comment

Popular posts from this blog

Seven Segment Display in Inkscape

Image
Today I got a little sidetracked while working on my key-train (keyboard training) project.  I thought I might spruce it up a little by using a seven segment display for the digits (say for the words per minutes), similar to what kTouch has.  I found an open source font, but it appears to be difficult to just use a ttf font in GTK. So I figured, it's only 10 images, I'll just make them in svg. I vaguely remembered a heathenx inkscape podcast  describing how to make an LCD display and decided to use that at my base. Unfortunately, they didn't provide any source files in the show-notes (as far as I could see) so I had to watch and redo the drawings myself! By naming each of the seven segments I could create the 10 digits simply by deleting a few elements in one template svg file .  I can create the template as beautiful as I like and quickly create the 10 derived images with these programs . Unfortunately, both ImageMagick and GraphicsMagick don't handle
Read more

Shortest Sudoku solver in Python

Mark Byer's site has some more Sudoku solvers here's a short one in Python that's only 178 bytes long: def r(a):i=a.find('0');~i or exit(a);[m in[(i-j)%9*(i/9^j/9)*(i/27^j/27|i%9/3^j%9/3)or a[j]for j in range(81)]or r(a[:i]+m+a[i+1:])for m in'%d'%5**18] from sys import*;r(argv[1]) On the site is also shown a longer Perl version at 185 bytes: use integer;sub R{for$i(grep!$A[$_],@x=0..80){%t=map{$_/27-$i/27|$_%9/3-$i%9/3&&amp;amp;amp;$_ /9-$i/9&&($_-$i)%9?0:$A[$_]=>1}@x;R($A[$i]=$_)for grep!$t{$_},1..9;return$A[$i]=0} die@A}@A=split//,<>;R I think the Python version is slightly easier to understand, although they are both quite cryptic. I'm not sure why I find these programs fascinating. I think it reminds me that any program can be written in such a way that it's cryptic, even in Python. In addition, the code is small enough that you should be able to figure out how it works, and may learn something the process. Related is
Read more