Verifying passwords have been changed in Oracle

From: Stephen Harris <sweh_at_spuddy.mew.co.uk>
Date: Wed, 06 Nov 2002 21:54:07 GMT
Message-ID: <p13cqa.gsr.ln_at_spuddy.org>


I know questions like this have been asked a number of times in the past, but I haven't found an answer that works...

We are beginning to deploy Oracle 9.2.0.1.0 systems in our environment. We want to ensure the installer _has_ changed the SYS and SYSTEM password from the defaults. We are developing an automated audit script which will be run (as SYSDBA) to check this sort of thing.

Previous answers given to this appear to be:

  Option 1: attempt to connect as system/manager.

  Downside: auditing of these accounts will be strict. Showing additional login success or fail attempts will help obfuscate any real audit alert oddities. Our security team has complained about this.

  Option 2: attempt to change the password, check the crypt string, change it back.

  Downside: Apart from a small window where the password may be wrong, we have password verification functions in place which means we _can't_ set MANAGER as the password; the password change fails when I attempt to do 'alter user system identified by manager' because there are no digits or whatever else the verification function requires. There is no way I'll be allowed to disable that temporarily!

So I need another way of verifying the current password is no longer the default value. Any ideas are much appreciated.

Thanks!

-- 
                                 Stephen Harris
                              sweh_at_spuddy.mew.co.uk
      The truth is the truth, and opinion just opinion.  But what is what?
       My employer pays to ignore my opinions; you get to do it for free.
Received on Wed Nov 06 2002 - 22:54:07 CET
