Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: getting users passwords in plain text

Re: getting users passwords in plain text

From: Rich Jesse <rjoralist_at_society.servebeer.com>
Date: Tue, 16 Oct 2007 10:55:07 -0500 (CDT)
Message-ID: <15180.12.17.117.251.1192550107.squirrel@12.17.117.251> 







I have to say that I can't think of a valid reason to grab all passwords in
the database and you haven't given much information on this.



That


being said, the only viable way I know of to get the cleartext password is
to brute force it.  I would hope that the folks on this list would have
enough sense to not offer more than Google already can on this...



FYI, if you can brute force about a million iterations per second per CPU
(e.g. Intel T7200), you're looking at a maximum of a day to crack each
7-character password, 33 days for 8 chars, 3+years for 9, and ~116 years for
a 10-char password.



So, unless everyone has very easy passwords,
you're best bet is to manage changing them.



GL,


Rich



> i thought of doing a insert into mytable values

(username,password);


> in the 



$ORACLE_HOME/rdbms/admin/utlpwdmg.sql


>



<http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96536/ch53.htm#1005955>


>  but i don't wanne edit or write anything more looking for a

scritp


> that converts the hase to plain text




--
http://www.freelists.org/webpage/oracle-l


Received on Tue Oct 16 2007 - 10:55:07 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US