| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: password
Stephane,
No I tried dropping a user and recreating them just a few minutes ago - the hash is the same. So it depends on username but not Oracle SID or physical host.
Cheers,
Mark.
Stephane
Faroult To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
<sfaroult_at_orio cc:
le.com> Subject: Re: password
Sent by:
root_at_fatcity.c
om
18/12/2002
08:19
Please respond
to ORACLE-L
Rachel Carmichael wrote:
>
> how does trying a password on your own private database help crack a
> password on a different database?
>
> I vaguely recall a conversation (I *think* it was with Kevin Loney)
> that part of the encryption key is the database name as well.
>
Rachel,
This is probably wrong, otherwise you would have to reinitiate passwords each time you do a full import (which recreates the users with 'IDENTIFIED BY VALUES' - eg reloads the crypted password as is) or clone a database. What it depends on for sure is the username and/or user#, because the same password given to different users hashes into something different. More likely to be the user#, I _think_ that I remember that if you drop a user and recreate the account with the same password, the resulting encrypted password is different.
-- Regards, Stephane Faroult Oriole Software -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephane Faroult INET: sfaroult_at_oriole.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Privileged/Confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail or by telephone on (61 3) 9612-6999. Please advise immediately if you or your employer does not consent to Internet e-mail for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Transurban City Link Ltd shall be understood as neither given nor endorsed by it. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mark Richard INET: mrichard_at_transurban.com.au Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Dec 17 2002 - 15:54:23 CST
 |
 |