Re: Oracle Password Encryption Algorithm
Date: 1997/03/12
Message-ID: <33271B72.68EB_at_nortel.ca>#1/1
Frank Kobylanski wrote:
>
> dave_at_fifthd.ca (Dave Macpherson) wrote:
>
> >Does anyone know the algorithm used to encrypt an Oracle password? I
> >need to verify that a password entered in by a user matches an
> >encrypted password stored in DBA_USERS.
> If the alogorithm were published, it would kind of defeat the purpose
> of having a password now, wouldn't it???
Not always. There are some encryption algorithms that are "one-way", meaning that you can't decode the encrypted text into its original form. For password encryption algorithms, typically the clear-text password entered by the user is encrypted, then compared to the stored encrypted password to see if the two encrypted strings match.
However, this is all a moot point because Oracle isn't likely to release their code for this.
Vince
P.S. - The original poster crossposted this to the .misc, .server, and .tools newsgroups. Please don't crosspost as it defeats the purpose for having separate groups. Followups directed to comp.databases.oracle.server.
-- [Quoted] * Hey Spammers! If you send me unsolicated email, we'll * send you a bill for up to $500/message. Federal laws * allow us to do this. This is not a joke. We've got * lots of expensive lawyers to feed.Received on Wed Mar 12 1997 - 00:00:00 CET