Re: Oracle password encryption algorithm?

From: Ruth Larson <rlarson_at_nswc-wo.nswc.navy.mil>
Date: Thu, 1 Jul 1993 13:22:15 GMT
Message-ID: <1993Jul1.132215.17807_at_relay.nswc.navy.mil>

In article <1993Jun30.154324.1_at_cissys> trahan_at_cissys.read.tasc.com (Dave Trahan) writes:
>
>Does anyone know what algorithm Oracle uses to encrypt user passwords? Has
>it changed in the last several versions (5,6,7)? Is there a "public" way
>to access this routine? Is the algorithm the same on all platforms?
>
>I'm trying to write a tool to find users who have set their Oracle password
>to be the same as their Oracle username. I'm familiar with the method used
>in such system tools as COPS, and I'm trying to apply the same technique
>to Oracle, but without the encryption algorithm, I'm kinda stuck. I heard
>it was based on the Unix 'crypt' algorithm, but with a minor change.
>
>
> Any thoughts?
>
>
> Dave Trahan
> DETRAHAN_at_TASC.COm

Here's a "quick and dirty" way to do what you want in Version 6. Version 5 would be similar and I assume V7 also.

set pages 0
set heading off
column username format a12
spool temp_sql

select 'connect ',username,'/',username,'                       ',

'select user from dual;'
from system.dba_users;
spool off
_at_temp

You'll get a couple of error messages for each pw that isn't the username but every so often:

CONNECTED
username

In other words, a "Bingo".

(I *did* say "quick and *dirty*") :-) Received on Thu Jul 01 1993 - 15:22:15 CEST

This message: [ Message body ]
Next message: Ian A. MacGregor: "Re: Oracle password encryption algorithm?"
Previous message: Jean-Marc Debaud: "RE: Want Oracle/HyperCard for Windows"
Next in thread: Ian A. MacGregor: "Re: Oracle password encryption algorithm?"
Maybe reply: Ian A. MacGregor: "Re: Oracle password encryption algorithm?"
Maybe reply: Bob Baldwin: "Re: Oracle password encryption algorithm?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message