Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Secure oracle password length

From: Rick Wessman <Rick.Wessman_at_oracle.com>
Date: 26 Feb 2002 16:32:58 -0500
Message-ID: <un0xwx71x.fsf@us.oracle.com>


Doh! :-)

My apologies, Howard. I was thinking of the algorithm used to encrypt the password over the wire. You are, of course, correct.

                                 Rick

Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> writes:

> Hi Howard
>
> DES is an encryption algorithm. It stands for Data Encryption Algorithm.
> Take a look at the book by the respected expert in cryptography Bruce
> Schneier "Applied Cryptography" which has a whole section about it.
>
> regards
>
> Pete Finnigan
> www.pentest-limited.com
>
> In article <a5e4gm$6sb$1_at_lust.ihug.co.nz>, Howard J. Rogers
> <dba_at_hjrdba.com> writes
> >Thanks, Maxim. That's exactly what I was talking about, and exactly what I
> >thought (as I think another of my posts in this thread explains).
> >
> >Good... I'm glad Rick raised the challenge (always good to be made to think
> >fresh), and I'm glad it would seem I was correct after all.
> >
> >Cheers,
> >HJR
> >--
> >----------------------------------------------
> >Resources for Oracle: http://www.hjrdba.com
> >===============================
> >
> >
> >"Maxim Anisiutkin" <manisiutkin_at_grtcorp.com> wrote in message
> >news:71ce14f2.0202251124.78704baa_at_posting.google.com...
> >> Hi Rick,
> >>
> >> > I hate to correct you, Howard, but Oracle passwords *are* encrypted. The
> >> > algorithm is modified DES or Triple DES, depending on the version.
> >>
> >> I'm sorry, but we are talking about password hashes stored in
> >> sys.user$ table.
> >> It cannot be *encrypted* because that field simply doesn't have enough
> >> room for *encrypted* values of passwords (I know that it's
> >> varchar2(30), but Oracle uses only the first 16 bytes). Probably, you
> >> mean SQL*Net password *encryption*...
> >>
> >> Maxim.
> >
> >
>
> --
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager at admin_at_pentest-limited.com
> --
> Pete Finnigan
> IT Security Consultant
> PenTest Limited
>
> Office 01565 830 990
> Fax 01565 830 889
> Mobile 07974 087 885
>
> pete.finnigan_at_pentest-limited.com
>
> www.pentest-limited.com

-- 
                                Rick Wessman
                                Security Assurance Group
                                Oracle Corporation
                                Rick.Wessman_at_oracle.com

     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.
Received on Tue Feb 26 2002 - 15:32:58 CST
