| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle Password Encryption Algorithm
In article <5g734c$ecm$1_at_newsin-1.starnet.net>, this_person_at_thisplace.com (Frank Kobylanski) wrote:
>dave_at_fifthd.ca (Dave Macpherson) wrote:
>
>>Does anyone know the algorithm used to encrypt an Oracle password? I
>>need to verify that a password entered in by a user matches an
>>encrypted password stored in DBA_USERS.
>>Regards,
>>Dave Macpherson
>
>If the alogorithm were published, it would kind of defeat the purpose
>of having a password now, wouldn't it???
>
>Frank
if oracle uses "one-way" encryption, it wouldn't "kind of defeat the purpose of having a password" to publish the encryption algorithm, as there would be no way to "decrypt" the encrypted password that is stored in DBA_USERS. knowing the algorithm would let you use a dictionary-based attack, of course, but that's another issue. Received on Wed Mar 12 1997 - 00:00:00 CST
 |
 |