Re: Decode Oracle Password?
Date: 1996/03/25
Message-ID: <DotCKJ.or.0.-s_at_hkusuc.hku.hk>#1/1
Alex Fan
In article <dasidwel-2003960858370001_at_dasidwel-mac.us.oracle.com>,
dasidwel_at_us.oracle.com (David Sidwell) wrote:
>In article <4imdq5$uv1_at_caesar.ultra.net>, dtrahan_at_tyler.ultranet.com
>(David Trahan) wrote:
>
>> tkyte_at_us.oracle.com (Thomas J Kyte) wrote:
>>
>> >dtrahan_at_tyler.ultranet.com (David Trahan) wrote:
>> >>qq45_at_liverpool.ac.uk (Ms. D.H. Harvey) wrote:
>> >>>Is there any way to decode an oracle user's password? We'd like to
>> >>>check those of users accessing our server over our network are not
>> >>>easily guessable.
>> >>> TIA
>> >>> Helen
>> >>SQL<>SECURE from BrainTree Technology does this and much more.
>> >>See http://www.sqlsecure.com, email to info_at_sqlsecure.com or
>> >>call (617) 982-0200
>> >You don't mean the SQL<>SECURE decode's oracle passwords do you?
>>
>> Indirectly - yes it does. It can check each user's password against
>> a dictionary of supplied words, the username, and common keyboard
>> combinations and determine if the password is weak. If the password
>> is weak, it is flagged as such but the actual password value is not
>> reported to the user since it would obviously be a glaring security
>> violation (obviously - though - the software knows what the password
>> is).
>>
>
>Indirectly, no it doesn't. The password is encrypted in a one-way
>algorithm which prevents *decryption*. Repeated guesses of weak
>passwords until you get an encrypted matych is not the same thing as
>decryption.
>
>>
>> Dave
>>
>> Dave Trahan
>> dtrahan_at_ultranet.com
Received on Mon Mar 25 1996 - 00:00:00 CET