Re: Oracle password encryption algorithm?

From: Lee Parsons <lparsons_at_exlog.com>
Date: Fri, 2 Jul 93 21:33:13 GMT
Message-ID: <1993Jul2.213313.16282_at_exlog.com>


In article <1993Jul1.134033.1_at_cbr.hhcs.gov.au> pihlab_at_cbr.hhcs.gov.au writes:
>In article <1993Jun30.154324.1_at_cissys>, trahan_at_cissys.read.tasc.com (Dave Trahan) writes:
>>
>> Does anyone know what algorithm Oracle uses to encrypt user passwords?
>
>Hopefully, only Oracle and it's well guarded. If everyone knew the algorithm
>then there would be no point in having a password because the encrypted value
>is stored (visible) in the database and you could run a program to crack
>anyone's account.
>

The Unix encryption algorithm is well known but considered secure against brute force attacks. If the security of my database depends on the good will of the couple of 1000 Oracle employees that know the algorithm, then I don't want it. The scheme has to still be workable when the algorithm becomes well known because sooner or later it will.

The answer is good passwords that a password cracker won't guess, i.e. upper case + lower case + special character.

[...]
>>Is the algorithm the same on all platforms?
>
>It doesn't need to be but I assume it is.
>

I have moved the encrypted values between Unix boxes and to a Vax system with no problem.

-- 
Regards, 

Lee E. Parsons                          Baker-Hughes Inteq, Inc
Oracle Database Administrator 			lparsons_at_exlog.com 
Received on Fri Jul 02 1993 - 23:33:13 CEST
