Re: Oracle Password Encryption Algorithm

From: Dave Macpherson <dave_at_fifthd.ca>
Date: 1997/03/17
Message-ID: <332d811a.1950385_at_news.sas.ab.ca>#1/1


On Wed, 12 Mar 1997 17:22:48 -0800, Medic Alert <news_at_medicalert.org> wrote:

>Frank Kobylanski wrote:
>>
>> dave_at_fifthd.ca (Dave Macpherson) wrote:
>>
>> >Does anyone know the algorithm used to encrypt an Oracle password? I
>> >need to verify that a password entered in by a user matches an
>> >encrypted password stored in DBA_USERS.
>> >
>> >Regards,
>> >
>> >Dave Macpherson
>>
>> If the algorithm were published, it would kind of defeat the purpose
>> of having a password now, wouldn't it???
>
>Not necessarily. Most password encryption algorithms are
>one-way. That is, given a password, it will
>produce an encrypted version so that it can
>be compared to another encrypted version. As
>far as I know, the algorithm cannot be used
>to decrypt a password. Whether Oracle's falls
>into this category or not, I don't know.
>
>-- TRW
I am doing just this type of thing on the Unix side to validate a Unix password against the /etc/passwd file. One can encrypt the plaintext password using the Unix 'crypt' function call (source readily available, by the way) and compare it to the encrypted field stored within the password file. I don't care to know the plaintext password, I just want to validate that the person is who they say they are.

I have a similar requirement in my Oracle app. A user, who does not have the authority to perform a certain action should a certain condition arise, needs to have a supervisor or co-worker who is authorized validate the transaction. I can tell if the other person is authorized because it is driven by the Oracle role mechanism. The other person has to 'walk' over to the operator's terminal, enter their Oracle userID and password. If it matches, then I can permit the transaction to proceed.

This shouldn't be too difficult. I know that the password encryption is only 1-way. Since it is easy to do this type of validation on the Unix side, I thought someone might have done something similar on the Oracle side.

Dave Macpherson

Received on Mon Mar 17 1997 - 00:00:00 CET
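The hash-and-compare validation and the second-person approval flow described in the message above, as an added example that is not part of the original post and is not Oracle's algorithm. It swaps PBKDF2-HMAC-SHA256 in for the Unix `crypt` call, and the account names, passwords, the `OVERRIDE_APPROVER` role and all function names are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transform: same password and salt always give the same digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, roles) -> dict:
    """Store only the salt and digest, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "roles": set(roles)}


# Constructed sample accounts (hypothetical names, passwords and roles).
USERS = {
    "operator1": make_record("op-pass-constructed", {"CLERK"}),
    "super1": make_record("sup-pass-constructed", {"CLERK", "OVERRIDE_APPROVER"}),
}
_DUMMY = make_record("dummy", ())  # hashed for unknown users so timing stays similar


def verify_password(user_id: str, password: str) -> bool:
    """Re-hash the entered password with the stored salt and compare digests."""
    rec = USERS.get(user_id, _DUMMY)
    candidate = hash_password(password, rec["salt"])
    matches = hmac.compare_digest(candidate, rec["hash"])  # constant-time compare
    return matches and user_id in USERS


def approve_override(requester: str, approver: str, approver_password: str,
                     required_role: str = "OVERRIDE_APPROVER"):
    """Permit the transaction only if a different, authorized user authenticates."""
    if approver == requester:
        return False, "approver must be a different user"
    if not verify_password(approver, approver_password):
        return False, "authentication failed"
    if required_role not in USERS[approver]["roles"]:
        return False, "approver lacks role"
    return True, "approved"


if __name__ == "__main__":
    print(approve_override("operator1", "super1", "sup-pass-constructed"))
    print(approve_override("operator1", "operator1", "op-pass-constructed"))
```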
