Re: Decode Oracle Password?

From: Terje Malmedal <malmedal_at_ulrik.uio.no>
Date: 1996/03/21
Message-ID: <4irplv$lq1_at_ratatosk.uio.no>#1/1

[David Trahan]
> tkyte_at_us.oracle.com (Thomas J Kyte) wrote:
>> dtrahan_at_tyler.ultranet.com (David Trahan) wrote:

>>> qq45_at_liverpool.ac.uk (Ms. D.H. Harvey) wrote:

>>>> Is there any way to decode an oracle user's password?  We'd like to
>>>> check those of users accessing our server over our network are not
>>>> easily guessable.

>>>> TIA
>>>> Helen

>>> SQL<>SECURE from BrainTree Technology does this and much more.
>>> See http://www.sqlsecure.com, email to info_at_sqlsecure.com or
>>> call (617) 982-0200

>> You don't mean the SQL<>SECURE decode's oracle passwords do you?

> Indirectly - yes it does. It can check each user's password against
> a dictionary of supplied words, the username, and common keyboard
> combinations and determine if the password is weak. If the password
> is weak, it is flagged as such but the actual password value is not
> reported to the user since it would obviously be a glaring security
> violation (obviously - though - the software knows what the password
> is).

You wouldn't happen to know the exact algorithm oracle uses to encrypt its passwords? Then we could incorporate it into Crack which is what we are using to check the unix passwords.

-- 
 - Terje
malmedal_at_usit.uio.no

Received on Thu Mar 21 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Bob Cunningham: "Re: Time differences?"
Previous message: Jason Pociask: "Re: Delphi vs Oracle 2000 vs VB 4.0 ???"
Maybe in reply to: Ms. D.H. Harvey: "Decode Oracle Password?"
In reply to Thomas J Kyte: "Re: Decode Oracle Password?"
Next in thread: Bob Cunningham: "Re: Time differences?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message