On Wed, 23 Sep 1998 08:16:51 +1000, "Malcolm Byrne"
<malcolm_at_mincom.com> wrote:
>Does anyone know of a crypt function that will mimic the Oracle password
>encryption. This is useful for programmatically checking for lousy
>passwords!
>
>The encrypted string is available in dba_users. I would like to be able to
>extract all encrypted strings from dba_users and probe them using a
>dictionary of lousy passwords.
Why look for the digest function if you have it built into your RDBMS? So use the function that is originally used! Here is the scenario:
Connect with DBA privileges. Save the original encrypted password from DBA_USERS to a safe place. Then read the passwords from your dictionary of bad passwords one by one and with each one issue:
ALTER USER the_user IDENTIFIED BY bad_password;
Read the newly encrypted (bad) password from DBA_USERS and compare it to the original encrypted password. If they are the same then the original password is the same as this bad password. If they are different, process the next bad password the same way.
When you are finished return the original password to the user with the following command:
ALTER USER the_user IDENTIFIED BY VALUES '<orig_encrypted_pwd>';
>Malcolm Byrne
HTH,
--
Jurij Modic <jmodic_at_src.si>
Certified Oracle7 DBA (OCP)
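
The audit loop described in the reply above, as an added PL/SQL example that is not part of the original post. It assumes a release where DBA_USERS.PASSWORD is populated (as the post describes) and EXECUTE IMMEDIATE is available; the table WEAK_PASSWORDS(candidate) and the account name THE_USER are hypothetical placeholders.

```sql
-- Added example: check one account against a dictionary, always restoring the hash.
-- Assumptions: run as a DBA from SQL*Plus; WEAK_PASSWORDS(candidate VARCHAR2(30))
-- is a hypothetical table holding the dictionary; THE_USER is a placeholder.
SET SERVEROUTPUT ON
DECLARE
  v_user      VARCHAR2(30) := 'THE_USER';
  v_orig_hash dba_users.password%TYPE;
  v_new_hash  dba_users.password%TYPE;
  v_match     BOOLEAN := FALSE;

  PROCEDURE restore_original IS
  BEGIN
    -- Put the saved hash back without knowing the clear-text password.
    EXECUTE IMMEDIATE 'ALTER USER "' || v_user ||
                      '" IDENTIFIED BY VALUES ''' || v_orig_hash || '''';
  END;
BEGIN
  SELECT password INTO v_orig_hash FROM dba_users WHERE username = v_user;
  IF v_orig_hash IS NULL THEN
    -- Nothing to compare against or restore: stop before changing anything.
    RAISE_APPLICATION_ERROR(-20001, 'No stored hash visible for ' || v_user);
  END IF;

  FOR r IN (SELECT candidate FROM weak_passwords) LOOP
    -- Candidates are passed as quoted passwords; skip any containing a quote.
    IF INSTR(r.candidate, '"') = 0 THEN
      EXECUTE IMMEDIATE 'ALTER USER "' || v_user ||
                        '" IDENTIFIED BY "' || r.candidate || '"';
      SELECT password INTO v_new_hash FROM dba_users WHERE username = v_user;
      IF v_new_hash = v_orig_hash THEN
        v_match := TRUE;
        EXIT;
      END IF;
    END IF;
  END LOOP;

  restore_original;
  IF v_match THEN
    DBMS_OUTPUT.PUT_LINE(v_user || ': password is in the weak-password dictionary');
  ELSE
    DBMS_OUTPUT.PUT_LINE(v_user || ': no dictionary match');
  END IF;
EXCEPTION
  WHEN OTHERS THEN
    -- On any failure mid-loop, put the original hash back before re-raising.
    IF v_orig_hash IS NOT NULL THEN restore_original; END IF;
    RAISE;
END;
/
```

Each ALTER USER is DDL and commits immediately, so while the loop runs the account really does carry the candidate password; run it in a maintenance window.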