Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: converting oracle passwords

Re: converting oracle passwords

From: damorgan <damorgan_at_exesolutions.com>
Date: Sat, 06 Apr 2002 00:23:38 GMT
Message-ID: <3CAE4009.54A599A5@exesolutions.com> 





Please be so kind as to demonstrate this method to the group.



Here's a password to unencrypt. FF1E47B18F4721AB



I'll send you a nice crisp US $20 bill for the correct answer.



I suspect what the instructor taught you was something entirely different that involved changing the
password and then replacing the password with its original. A far cry from breaking the encryption
algorithm and rendering Oracle security worthless.



Daniel Morgan





John wrote:



> First of all it is not impossible.  During my Oracle backup and

> recovery class, the instructor, from Oracle, showed us how to convert

> the encrypted values to actual values.  And your assumptions that I

> would either be inexperienced or do not understand the Oracle security

> model are profoundly wrong.  I just no longer want to use Oracle for

> my security model.  If you read my message, you would have seen that

> the commercial application that I am using now uses Oracle users for

> logins.  The new system does not, and rather then asking 5000 people

> to re-enter their information on a new system, it was my hope that we

> would migrate it into the table and format that the application

> requires.  Our group is the one who assigned these passwords to the

> users in the first place, however they were not tracked till recently.

>

> JR

>

> damorgan <damorgan_at_exesolutions.com> wrote in message news:<3CAB26BA.B7C90CD2_at_exesolutions.com>...

> > It is impossible.

> >

> > Were it possible there would be no security in an Oracle database.

> >

> > And, quite frankly, there are only two reasons I can conceive of for

> > wanting unencrypted passwords belonging to other users. One is a lack of

> > experience so profound that you don't understand the Oracle security

> > model. The other that you are trying to hack the system.

> >

> > Daniel Morgan

> >

> >

> >

> > John wrote:

> >

> > > I have a system that used oracle users for logins.  The passwords are

> > > of course encrypted.  Our new system uses it's own table for

> > > validation of logins.  I need to copy over the usernames and passwords

> > > from the dba_users table, into a seperate table, and have the

> > > passwords be unencrypted so it can read them.  Is there an easy way to

> > > do this?  Thanks.

> > >

> > > JR

Received on Fri Apr 05 2002 - 18:23:38 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US