Re: Decode Oracle Password?

From: Thomas J Kyte <tkyte_at_us.oracle.com>
Date: 1996/03/26
Message-ID: <4j7lde$or1_at_inet-nntp-gw-1.us.oracle.com>#1/1


alexfan_at_hkuppc9.hku.hk (Alex Fan) wrote:

>In this case, what is the encoding algorithm Oracle uses?
>Is there any built-in function to perform password encoding?

Not that I am aware of. The encoding scheme is platform independent (eg: the password for the user SCOTT will mangle to the same mess on every platform from Windows to a Mainframe) as well as one way (eg: we never need to decrypt the password again, only encrypt userid/password combos to see if they match).

>Alex Fan
 

>In article <dasidwel-2003960858370001_at_dasidwel-mac.us.oracle.com>,
>dasidwel_at_us.oracle.com (David Sidwell) wrote:
>>In article <4imdq5$uv1_at_caesar.ultra.net>, dtrahan_at_tyler.ultranet.com
>>(David Trahan) wrote:
>>
>>> tkyte_at_us.oracle.com (Thomas J Kyte) wrote:
>>>
>>> >dtrahan_at_tyler.ultranet.com (David Trahan) wrote:
 

>>> >>qq45_at_liverpool.ac.uk (Ms. D.H. Harvey) wrote:
 

>>> >>>Is there any way to decode an oracle user's password? We'd like to
>>> >>>check those of users accessing our server over our network are not
>>> >>>easily guessable.
 

>>> >>> TIA
>>> >>> Helen
 

>>> >>SQL<>SECURE from BrainTree Technology does this and much more.
>>> >>See http://www.sqlsecure.com, email to info_at_sqlsecure.com or
>>> >>call (617) 982-0200
 

>>> >You don't mean the SQL<>SECURE decodes oracle passwords do you?
>>>
>>> Indirectly - yes it does. It can check each user's password against
>>> a dictionary of supplied words, the username, and common keyboard
>>> combinations and determine if the password is weak. If the password
>>> is weak, it is flagged as such but the actual password value is not
>>> reported to the user since it would obviously be a glaring security
>>> violation (obviously - though - the software knows what the password
>>> is).
>>>
>>
>>Indirectly, no it doesn't. The password is encrypted in a one-way
>>algorithm which prevents *decryption*. Repeated guesses of weak
>>passwords until you get an encrypted match is not the same thing as
>>decryption.
>>
>>>
>>> Dave
>>>
>>> Dave Trahan
>>> dtrahan_at_ultranet.com

Thomas Kyte
tkyte_at_us.oracle.com
Oracle Government



opinions and statements are mine and do not necessarily reflect the opinions of Oracle Corporation. Received on Tue Mar 26 1996 - 00:00:00 CET
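
Added example, not part of the original message or of any Oracle or BrainTree code: a weak-password audit of the kind the thread describes, which re-encodes userid/candidate pairs and reports only why an account is weak, never the password. The thread does not give Oracle's algorithm, so PBKDF2-HMAC-SHA256 salted with the username is used as a stand-in, and the account names, word lists and stored values are constructed.

```python
import hashlib
import hmac

# Constructed sample candidate lists (assumptions, not from the thread).
DICTIONARY = ["welcome", "password", "tiger"]
KEYBOARD_RUNS = ["qwerty", "asdfgh", "123456"]


def verifier(username: str, password: str) -> str:
    """Stand-in one-way encoding of a userid/password combo (NOT Oracle's scheme).

    Pure function of its inputs, so it yields the same value on every platform,
    and the username is mixed in, so equal passwords differ between users.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), username.encode("utf-8"), 1000
    ).hex()


def candidates(username: str):
    """Yield (reason, guess) pairs: the username, dictionary words, keyboard runs."""
    yield "username", username
    for word in DICTIONARY:
        yield "dictionary", word
    for run in KEYBOARD_RUNS:
        yield "keyboard", run


def audit(stored: dict) -> dict:
    """Return {username: reason} for weak accounts; the password is never reported."""
    flagged = {}
    for user, stored_value in stored.items():
        for reason, guess in candidates(user):
            # Nothing is decrypted: each guess is encoded and compared.
            if hmac.compare_digest(verifier(user, guess), stored_value):
                flagged[user] = reason
                break
    return flagged


def sample_accounts() -> dict:
    """Constructed stored verifiers standing in for a password table."""
    return {
        "scott": verifier("scott", "tiger"),
        "appuser": verifier("appuser", "appuser"),
        "batch": verifier("batch", "qwerty"),
        "dba1": verifier("dba1", "c0rrect-Horse-9-staple"),
    }


if __name__ == "__main__":
    print(audit(sample_accounts()))
```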
