Re: Oracle password encryption algorithm?
Date: Fri, 2 Jul 93 21:33:13 GMT
Message-ID: <1993Jul2.213313.16282_at_exlog.com>
In article <1993Jul1.134033.1_at_cbr.hhcs.gov.au> pihlab_at_cbr.hhcs.gov.au writes:
>In article <1993Jun30.154324.1_at_cissys>, trahan_at_cissys.read.tasc.com (Dave Trahan) writes:
>>
>> Does anyone know what algorithm Oracle uses to encrypt user passwords?
>
>Hopefully, only Oracle and it's well guarded. If everyone knew the algorithm
>then there would be no point in having a password because the encrypted value
>is stored (visible) in the database and you could run a program to crack
>anyone's account.
>
The Unix encryption algorithm is well known but considered secure against brute force attacks. If the security of my database depends on the good will of the couple of 1000 Oracle employees that know the algorithm, then I don't want it. The scheme has to still be workable when the algorithm becomes well known because sooner or later it will.
The answer is good passwords that a password cracker won't guess, i.e. upper case + lower case + special character.
[...]
>>Is the algorithm the same on all platforms?
>
>It doesn't need to be but I assume it is.
>
I have moved the encrypted values between Unix boxes and to a VAX system with no problem.
--
Regards,
Lee E. Parsons
Baker-Huges Inteq, Inc
Oracle Database Administrator
lparsons_at_exlog.com

Received on Fri Jul 02 1993 - 23:33:13 CEST