Re: Decode Oracle Password?

From: David Sidwell <dasidwel_at_us.oracle.com>
Date: 1996/03/20
Message-ID: <dasidwel-2003960858370001_at_dasidwel-mac.us.oracle.com>#1/1

In article <4imdq5$uv1_at_caesar.ultra.net>, dtrahan_at_tyler.ultranet.com (David Trahan) wrote:

> tkyte_at_us.oracle.com (Thomas J Kyte) wrote:
>
> >dtrahan_at_tyler.ultranet.com (David Trahan) wrote:

> >>qq45_at_liverpool.ac.uk (Ms. D.H. Harvey) wrote:

> >>>Is there any way to decode an oracle user's password? We'd like to
> >>>check those of users accessing our server over our network are not
> >>>easily guessable.

> >>> TIA
> >>> Helen

> >>SQL<>SECURE from BrainTree Technology does this and much more.
> >>See http://www.sqlsecure.com, email to info_at_sqlsecure.com or
> >>call (617) 982-0200

> >You don't mean the SQL<>SECURE decode's oracle passwords do you?
>
> Indirectly - yes it does. It can check each user's password against
> a dictionary of supplied words, the username, and common keyboard
> combinations and determine if the password is weak. If the password
> is weak, it is flagged as such but the actual password value is not
> reported to the user since it would obviously be a glaring security
> violation (obviously - though - the software knows what the password
> is).
>

Indirectly, no it doesn't. The password is encrypted in a one-way algorithm which prevents *decryption*. Repeated guesses of weak passwords until you get an encrypted matych is not the same thing as decryption.

>
> Dave
>
> Dave Trahan
> dtrahan_at_ultranet.com
Received on Wed Mar 20 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Lance Evans: "Re: Comparing Java to C++"
Previous message: David Trahan: "Re: Decode Oracle Password?"
Maybe in reply to: Ms. D.H. Harvey: "Decode Oracle Password?"
In reply to David Trahan: "Re: Decode Oracle Password?"
Next in thread: Lance Evans: "Re: Comparing Java to C++"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message