Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Oracle password strength

Oracle password strength

From: <cn_at_127.0.0.1>
Date: 27 Feb 1999 01:42:50 GMT
Message-ID: <7b7iiq$lp2$1@callisto.clark.net> 





Greetings all....



I have a bunch of users who use extremely insecure passwords which violate
the obvious password no-no's (easy dictionary guess etc).  I would like to
"check" the passwords of my oracle users.  



(1) does anyone know the algorithm which Oracle uses to encrypt passwords?


I see that they are stored in DBA_USERS, but it doesn't seem to be DES...
Does a password auditing program for "vanilla" Oracle authentication
and/or Oracle applications exist which will run a dictionary attack?



(2) Is it possible to test the strength of a user's password when they


change it?  I must test the strength of passwords in both "vanilla" Oracle


(ie. alter user <x> identified by <y>) and that in Oracle financials.  I


assume that I can write a trigger in Financials to intercept poor
passwords.  Is it possible to do so with the traditional Oracle
authentication mechanism (when a user changes password via alter)?



Thank you very much for any help you can give me.. This is driving me
crazy :)



--


Craig Nelson - cn_at_clark.net


http://www.clark.net/pub/cn

Received on Fri Feb 26 1999 - 19:42:50 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US