Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.tools -> Re: detecting dictionary passwords
The passwords are stored internally in encrypted format. And the encryption algorithm uses the username in it. So the same word will not encrypt the same way for two different users.
SQL> create user test1 identified by beaches;
User created.
SQL> create user testinganother1 identified by beaches;
User created.
SQL> select username,password from dba_users where username like 'TEST%'; USERNAME PASSWORD
-------------------- ------------------------------ TEST1 B9D93E173D4569C8 TESTINGANOTHER1 DA8D0E59833C6F45
See, two different encryptions for the same word. The best that you can do is create a password verification function in Oracle 8 and higher.
HTH,
Brian
"John M. Olsen" wrote:
>
> I am interested in any information concerning how to go about scanning
> the passwords in the user table for cases where the user has used a
> common dictionary word as a password. The requirement for
> accredidation is to enforce that users do not use a common word as a
> password.
>
> Thanks in advance for any help.
>
> --
> John M. Olsen
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
-- ======================================== Brian Peasland Raytheons Systems at USGS EROS Data Center These opinions are my own and do not necessarily reflect the opinions of my company! ========================================Received on Thu May 18 2000 - 00:00:00 CDT