Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Secure oracle password length

Re: Secure oracle password length

From: Pete Finnigan <pete_at_peterfinnigan.demon.co.uk>
Date: Tue, 26 Feb 2002 17:57:23 +0000
Message-ID: <l77IIaADy8e8Ew+d@peterfinnigan.demon.co.uk>


Hi Howard

DES is an encryption algorithm. It stands for Data Encryption Algorithm. Take a look at the book by the respected expert in cryptography Bruce Schneier "Applied Cryptography" which has a whole section about it.

regards

Pete Finnigan
www.pentest-limited.com

In article <a5e4gm$6sb$1_at_lust.ihug.co.nz>, Howard J. Rogers <dba_at_hjrdba.com> writes
>Thanks, Maxim. That's exactly what I was talking about, and exactly what I
>thought (as I think another of my posts in this thread explains).
>
>Good... I'm glad Rick raised the challenge (always good to be made to think
>fresh), and I'm glad it would seem I was correct after all.
>
>Cheers,
>HJR
>--
>----------------------------------------------
>Resources for Oracle: http://www.hjrdba.com
>===============================
>
>
>"Maxim Anisiutkin" <manisiutkin_at_grtcorp.com> wrote in message
>news:71ce14f2.0202251124.78704baa_at_posting.google.com...
>> Hi Rick,
>>
>> > I hate to correct you, Howard, but Oracle passwords *are* encrypted. The
>> > algorithm is modified DES or Triple DES, depending on the version.
>>
>> I'm sorry, but we are talking about password hashes stored in
>> sys.user$ table.
>> It cannot be *encrypted* because that field simply doesn't have enough
>> room for *encrypted* values of passwords (I know that it's
>> varchar2(30), but Oracle uses only the first 16 bytes). Probably, you
>> mean SQL*Net password *encryption*...
>>
>> Maxim.
>
>

-- 
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager at admin_at_pentest-limited.com
--
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan_at_pentest-limited.com

www.pentest-limited.com
Received on Tue Feb 26 2002 - 11:57:23 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US