Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle Password Encryption Algorithm
Rob van Lopik wrote:
> > If the alogorithm were published, it would kind of defeat the purpose
> > of having a password now, wouldn't it???
>
> No, it doesn't, because it is supposed to be one-way only. Your password
> gets hashed into something that is stored in the database, but the
> algorithm cannot be run the other way around, that is, you cannot produce
> the clear password from the rubbish that you will find in DBA_USERS.
> Give me one week, an encoded password, and a 'one way' algorithm and I
guarantee you I can come up with the original password. This would pose a
major security risk for Oracle to publish. Lets be realistic.
Received on Thu Mar 13 1997 - 00:00:00 CST