Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Does oracle provide encryption function??
Stephen Tenberg wrote:
>
> > >Could you tell me how Oracle stores the passwords?. I mean, what
> > >encryptation method Oracle uses?. Is there a tool to decrypt the
> > >passwords?.
> > >
> >
> > they are not encrypted. they are stored with a one way digest (hash).
> >
> > take the username, the password plus a 'salt' -- grind them together, get
> a
> > hash. thats the password you see. when someone gives us a
> username/password to
> > login -- we add the salt, grind them togehter and compare the hashes.
> >
> > you cannot get the password back from the database.
> >
>
> Even if a digest is being used, it is still possible to accomplish what the
> poster wants. I.e., they accept a username and password, compute the
> digest, and then compare to the actual digest.
>
> Is the algorithm published?
>
> Steve
This opens up security problems in the same way that Unix had (with freeware such as 'crack') before people started using things that shadow files etc.
--
There are 3,434,679 oracle websites around the world. Now there is one more... http://www.oracledba.co.uk Received on Wed Feb 09 2000 - 04:30:46 CST