Re: Oracle Password Encryption Algorithm

From: Martin Schroeder <ms_at_dream.hb.north.de>
Date: 1997/03/13
Message-ID: <ARDKzA3JBh108h_at_dream.hb.north.de>#1/1

In <33282EA5.1041_at_msfc.nasa.gov> Chris Urban <christopher.urban_at_msfc.nasa.gov> writes:
>Rob van Lopik wrote:

>> > If the alogorithm were published, it would kind of defeat the purpose
>> > of having a password now, wouldn't it???
>>
>> No, it doesn't, because it is supposed to be one-way only. Your password
>> gets hashed into something that is stored in the database, but the
>> algorithm cannot be run the other way around, that is, you cannot produce
>> the clear password from the rubbish that you will find in DBA_USERS.
>> Give me one week, an encoded password, and a 'one way' algorithm and I
>guarantee you I can come up with the original password. This would pose a
>major security risk for Oracle to publish. Lets be realistic.

Do this for the Linux login and then come back to us. :-)) Please be silent till then.

Best regards

Martin

-- 
               Martin Schr"oder, MS_at_Dream.HB.North.DE
- If I start up a C shell and put it up to my ear, what will I hear?
- You'd hear the sound of the C, of course, as it repeatedly crashes
       on the silicon beach.  (The Usenet Oracle, Jan 1993)

Received on Thu Mar 13 1997 - 00:00:00 CET

This message: [ Message body ]
Next message: Brian Membrey: "Re: Tab Component"
Previous message: jim cox: "Re: Oracle Password Encryption Algorithm"
Maybe in reply to: Frank Kobylanski: "Re: Oracle Password Encryption Algorithm"
In reply to Rob van Lopik: "Re: Oracle Password Encryption Algorithm"
Next in thread: Brian Membrey: "Re: Tab Component"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message