Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Does oracle provide encryption function??

Re: Does oracle provide encryption function??

From: Connor McDonald <connor_mcdonald_at_yahoo.com>
Date: Wed, 09 Feb 2000 18:30:46 +0800
Message-ID: <38A141D6.5069@yahoo.com> 





Stephen Tenberg wrote:


> 


> > >Could you tell me how Oracle stores the passwords?. I mean, what


> > >encryptation method Oracle uses?. Is there a tool to decrypt the


> > >passwords?.


> > >


> >


> > they are not encrypted.  they are stored with a one way digest (hash).


> >


> > take the username, the password plus a 'salt' -- grind them together, get


> a


> > hash.  thats the password you see.  when someone gives us a


> username/password to


> > login -- we add the salt, grind them togehter and compare the hashes.


> >


> > you cannot get the password back from the database.


> >


> 


> Even if a digest is being used, it is still possible to accomplish what the


> poster wants.  I.e., they accept a username and password, compute the


> digest, and then compare to the actual digest.


> 


> Is the algorithm published?


> 


> Steve





This opens up security problems in the same way that Unix had (with
freeware such as 'crack') before people started using things that shadow
files etc.



-- 




Connor McDonald


connor_mcdonald_at_yahoo.com



There are 3,434,679 oracle websites around the world.
Now there is one more... http://www.oracledba.co.uk

Received on Wed Feb 09 2000 - 04:30:46 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US