Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Oracle password strength
Greetings all....
I have a bunch of users who use extremely insecure passwords which violate the obvious password no-no's (easy dictionary guess etc). I would like to "check" the passwords of my oracle users.
(1) does anyone know the algorithm which Oracle uses to encrypt passwords?
I see that they are stored in DBA_USERS, but it doesn't seem to be DES...
Does a password auditing program for "vanilla" Oracle authentication
and/or Oracle applications exist which will run a dictionary attack?
(2) Is it possible to test the strength of a user's password when they
change it? I must test the strength of passwords in both "vanilla" Oracle
(ie. alter user <x> identified by <y>) and that in Oracle financials. I
assume that I can write a trigger in Financials to intercept poor
passwords. Is it possible to do so with the traditional Oracle
authentication mechanism (when a user changes password via alter)?
Thank you very much for any help you can give me.. This is driving me crazy :)
--
Craig Nelson - cn_at_clark.net
http://www.clark.net/pub/cn
Received on Fri Feb 26 1999 - 19:42:50 CST