Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Crack Oracle Security like a peanut!

Re: Crack Oracle Security like a peanut!

From: DA Morgan <damorgan_at_psoug.org>
Date: Sun, 21 Aug 2005 10:22:49 -0700
Message-ID: <1124587536.263295@yasure> 





DAMorgan wrote:


> Oracle's Password Transform

> 

> Goals:

>  - Authentication information ("encrypted password") shall be portable

>    between machines with different character sets (ebcdic and ascii).

>  - It should handle non-enlish languages including those that require

>    16 bits per character.

>  - If a user has the same password on two databases, the authentication

>    information will be the same on both machines.

>  - It should be hard to tell if two users have the same password.

>  - The password transform should be as hard to break as DES.

> 

> 

> The Algorithm:




.. most snipped.



> Convert the second checksum value into a machine independent form.

> Since we are not short on characters, express it as a hex string.




Just in case anyone misunderstood ... I have been in Japan and did not
write this drivel.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)


Received on Sun Aug 21 2005 - 12:22:49 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US