Re: Oracle password encryption algorithm?

From: Szymon Sokol <szymon_at_galaxy.uci.agh.edu.pl>
Date: 7 Jul 1993 11:09:52 +0200
Message-ID: <21e3t0INNo8p_at_galaxy.uci.agh.edu.pl>


Dan Wing (dwing_at_uh01.colorado.edu) wrote:
: The primary strength of the VMS password encryption scheme isn't that the
: ciphertext is protected from non-privileged users.
 

: The primary strength is that the passwords are encrypted with a one-way
: function; once the data (the password) has been encrypted, it cannot be
: decrypted into its original form without a brute-force attack. The fact that
: the file containing the encrypted passwords is unavailable to non-privileged
: users only prevents a non-privileged user from performing a brute-force
: attack on the encrypted data.

And the same holds for Unix. In Unix, though, the default is to have /etc/passwd world-readable, thus brute-force attacks are possible, unless your version of Unix has password shadowing...

-- 
U     U  M     M  M     M  Szymon Sokol -- Network Manager
U     U  MM   MM  MM   MM  University of Mining and Metallurgy, Computer Center
U     U  M M M M  M M M M  ave. Mickiewicza 30, 30-059 Krakow, POLAND
 UUUUU   M  M  M  M  M  M  TEL. +48 12 338100 EXT. 2885    FAX +48 12 338907
Received on Wed Jul 07 1993 - 11:09:52 CEST
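
Added example (not part of the original message): a check over passwd(5)-format text that flags entries still carrying a password hash, or no password at all, in the world-readable file, which is the exposure the reply says shadowing removes. The function name `audit_passwd` and the sample entries are constructed for illustration.

```python
"""Flag passwd(5) entries that expose password material outside the shadow file."""
import sys

# Constructed sample input; the hash-like value is a placeholder, not a real hash.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:EXAMPLEHASH00:1001:1001:Alice:/home/alice:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
broken:line
"""


def audit_passwd(text):
    """Return (line_no, user, finding) tuples for entries that need attention."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":
            continue  # NIS compat entries are resolved elsewhere, not audited here
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line_no, fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((line_no, user, "empty password field"))
        elif pw == "x" or pw[0] in "*!":
            continue  # shadowed ("x") or locked/disabled ("*", "!")
        else:
            # Anything else is a hash readable by every local user, so an
            # offline guessing attack needs no privileges at all.
            findings.append((line_no, user, "password hash stored in passwd"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, user, finding in audit_passwd(text):
        print(f"line {line_no}: {user}: {finding}")
```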
