| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle Password Encryption Algorithm
In article <3326d1d1.1028394901_at_news.sas.ab.ca>,
dave_at_fifthd.ca wrote:
>
> Does anyone know the algorithm used to encrypt an Oracle password? I
> need to verify that a password entered in by a user matches an
> encrypted password stored in DBA_USERS.
>
> Regards,
>
> Dave Macpherson
You don't need to know the algorithm to verify the correctness of the user's password. If you know the user's clear text password and you have DBA priv, do the following. a) Select * from dba_users where username = '<username>' **** This gives you the 'encrypted password' already set by the user b) Alter user <username> identified by <clear text password>; ***** This will encrypt the password. c) Do step (a) again and compare the encrypted passwords. If they are different, then the clear text password does not match.
As for follow-ups regarding "impossible" passwords, you use the following ALTER syntax.
Alter user <username> identiifed by values '<String>'. The idea is that the <String> you entered will never be the end result of the encryption algorithm.
Cheers.
Peter Kho
TRIUMPH Systems Ltd.
-------------------==== Posted via Deja News ====-----------------------
http://www.dejanews.com/ Search, Read, Post to Usenet
Received on Sat Mar 15 1997 - 00:00:00 CST
 |
 |