Re: password encryption for test-tool

hello alexander,

last found a script for doing this
(sorry forget where, hve to dig for that)

was something like this

1. get hashed password from dba_users
2. change password using your test criteria and see if it matches password from step 1 (alter user ...)
3. change back to old password using alter user ..... using values '<hashed password>

hth.

s.kapitza

Daniel Morgan <dmorgan_at_exesolutions.com> wrote in message news:<3D2DA6CE.90974C48_at_exesolutions.com>...
> Alexander Wohrer wrote:
>
> > I'm trying to test (a lot of) db's if there are "weak accounts" like
> > password=password, password=hostname,....
> > For this I need to check the hashes stored in the dba_users table and I
> > don't want to
> > create users in an test-db with the different passwords to get the needed
> > hashcode!
> >
> > Is there a function which gives me the 16 digit hash code stored in the db
> > for a give user-password combination?
>
> If I understand your question ... no.
>
> But in Oracle one can very easily make such passwords impossible to create by
> creating a PROFILE with a password verification function..
>
> Look in $ORACLE_HOME\rdbms\admin for the file utlpwdmg.sql. This file contains
> everything you need to accomplish the goal and much more.
>
> Daniel Morgan
Received on Sun Jul 14 2002 - 08:59:25 CDT