RE: Pete Finnigan's Oracle database password checker
Date: Wed, 8 Oct 2008 09:53:13 -0400
Just a side note here - you might want to double-check your company's policy on running a utility like this against a production database. At the very least, I would have to modify the script so that it would NOT show me what the cracked passwords are. Otherwise it would be cause for termination of my employment.
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Adams, Matthew (GE Indust, ConsInd)
Sent: Wednesday, October 08, 2008 9:44 AM To: Thomas.Mercadante_at_labor.state.ny.us
Subject: RE: Pete Finnigan's Oracle database password checker
There are a myriad of tools out there for
scanning unix passwords
(SATAN was one I used in the 90s, not sure if it's still around).
I would think that the dictionaries of words that comes with any of these utilities would be a good starting point.
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.