Oracle Password Update
Recovered from UKOUG now,
As Alex mentions on his blog GSAuditor has been updated to include 11g passwords and it is very fast.
Pete Finnigan’s PL based password cracker can be conveniently run from PL/SQL on the DB in question and is easily modified to take it’s passwords from SYS.USER_HISTORY$ …but bear in mind that the script will need to be ran as a SYSDBA in order to read this table. Of course this table is sensitive because the pattern of a users previous passwords can be gained and used to predict current and future passwords.
Home password testing for those without access to the newly updated top500 may become easier given the new TESLA machines though even HPCs for the home need to have their time synchronised if there logs are going to be useful in future.
Cheers,
Paul
