password management
From: John D Groenveld <groenvel_at_cse.psu.edu>
Date: 13 May 1998 16:46:05 -0400
Message-ID: <6jd0qd$rn0$1_at_tholian.cse.psu.edu>
I believe that Oracle uses a one-way encryption algorithm to store user passwords. However, I read some code at the IOUW that implements the Oracle8 password_verify_function. Interesting enhancement. Anyway, the code compares old unencrypted password and new unencrypted password to guarantee that users don't reuse their passwords. The code supposedly came from Oracle, but I can't confirm right now. Please, say it aint so. Does Oracle8 store passwords unecrypted? John
groenveld_at_acm.org Received on Wed May 13 1998 - 22:46:05 CEST
Date: 13 May 1998 16:46:05 -0400
Message-ID: <6jd0qd$rn0$1_at_tholian.cse.psu.edu>
I believe that Oracle uses a one-way encryption algorithm to store user passwords. However, I read some code at the IOUW that implements the Oracle8 password_verify_function. Interesting enhancement. Anyway, the code compares old unencrypted password and new unencrypted password to guarantee that users don't reuse their passwords. The code supposedly came from Oracle, but I can't confirm right now. Please, say it aint so. Does Oracle8 store passwords unecrypted? John
groenveld_at_acm.org Received on Wed May 13 1998 - 22:46:05 CEST