Re: Oracle Password Encryption Algorithm

From: Vince Cross <bartok_at_nortel.ca>
Date: 1997/03/12
Message-ID: <33271B72.68EB_at_nortel.ca>#1/1


Frank Kobylanski wrote:
>
> dave_at_fifthd.ca (Dave Macpherson) wrote:
>
> >Does anyone know the algorithm used to encrypt an Oracle password? I
> >need to verify that a password entered in by a user matches an
> >encrypted password stored in DBA_USERS.
 

> If the alogorithm were published, it would kind of defeat the purpose
> of having a password now, wouldn't it???

Not always. There are some encryption algorithms that are "one-way", meaning that you can't decode the encrypted text into its original form. For password encryption algorithms, typically the clear-text password entered by the user is encrypted, then compared to the stored encrypted password to see if the two encrypted strings match.

However, this is all a moot point because Oracle isn't likely to release their code for this.

Vince

P.S. - The original poster crossposted this to the .misc, .server, and .tools newsgroups. Please don't crosspost as it defeats the purpose for having separate groups. Followups directed to comp.databases.oracle.server.

-- 
[Quoted] * Hey Spammers!  If you send me unsolicated email, we'll 
* send you a bill for up to $500/message.  Federal laws
* allow us to do this.  This is not a joke.  We've got
* lots of expensive lawyers to feed.
Received on Wed Mar 12 1997 - 00:00:00 CET

Original text of this message