Re: Oracle password encryption algorithm?SKIP

In article <21apmc$121_at_gaia.ucs.orst.edu>, mickel_at_OES.ORST.EDU (Paul Mickel) writes:
|> In article <1993Jul1.134033.1_at_cbr.hhcs.gov.au> pihlab_at_cbr.hhcs.gov.au writes:
|> >In article <1993Jun30.154324.1_at_cissys>, trahan_at_cissys.read.tasc.com (Dave Trahan) writes:
|> >>
|> >> Does anyone know what algorithm Oracle uses to encrypt user passwords?
|> >
|> >Hopefully, only Oracle and it's well guarded. If everyone knew the algorithm
|> >then there would be no point in having a password because the encrypted value
|> >is stored (visible) in the database and you could run a program to crack
|> >anyone's account.

        Wait! Why do encryption algorythms have to be guarded? Didn't UNIX leave the /etc/passwd file with encrypted passwds in plain view for years? If the algorythm is sufficiently nonreversible, then the algorythm AND the encrypted passwds can be in plain view with out any problems.

        Having the passwd in the argv for a program is another matter. That is serious is plaintext passwds are stored for any longer than necessary.

Direct all comments to this newsgroup or:

tbhudson_at_whale.st.usm.eduu	lshud7354_at_nsula.edu	tramm_hudson_at_agwbbs.us
tramm_at_bourbon.ee.tulane.edu	tramm_at_lsmsa.nsula.edu	root_at_192.102.223.10

Direct all complaints to /dev/null at the site of your choice.

The oceans are full of dirty fish, huh? See the fnords Received on Tue Jul 06 1993 - 05:09:16 CEST