Re: Oracle password encryption algorithm?SKIP
Date: 7 Jul 1993 11:09:52 +0200
Message-ID: <21e3t0INNo8p_at_galaxy.uci.agh.edu.pl>
Dan Wing (dwing_at_uh01.colorado.edu) wrote:
: The primary strength of the VMS password encryption scheme isn't that the
: ciphertext is protected from non-privileged users.
: The primary strength is that the passwords are encrypted with a one-way
: function; once the data (the password) has been encrypted, it cannot be
: decrypted into its original form without a brute-force attack. The fact that
: the file containing the encrypted passwords is unavailable to non-privileged
: users only prevents a non-privileged user from performing a brute-force
: attack on the encrypted data.
And the same holds for Unix. In Unix, though, the default is to have /etc/passwd world-readable, thus brute-force attacks are possible, unless your version of Unix has password shadowing...
-- U U M M M M Szymon Sokol -- Network Manager U U MM MM MM MM University of Mining and Metallurgy, Computer Center U U M M M M M M M M ave. Mickiewicza 30, 30-059 Krakow, POLAND UUUUU M M M M M M TEL. +48 12 338100 EXT. 2885 FAX +48 12 338907Received on Wed Jul 07 1993 - 11:09:52 CEST