Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: converting oracle passwords

Re: converting oracle passwords

From: Mark D Powell <mark.powell_at_eds.com>
Date: 23 Aug 2002 17:16:04 -0700
Message-ID: <178d2795.0208231616.321d0fb@posting.google.com> 





notherdba <member_at_dbfoums.com> wrote in message news:<1728590.1030054095_at_dbforums.com>...


> Actually this is a vailid problem for trusted DBA's.  I have stumbled

> across part of the solution whil writing a java routine to encrypt

> password for storage in ini files.

> 

> The encryption is actually done in a simple PGP style hex conversion

> based on a seed code.  The stumper was that they use the username to

> salt the password (That's why all Oracle encrypted paswords are 16

> characters lon, they only use a portion of the username).  To verify you

> can create 2 user accounts and set the passowrds the same, then look in

> dba_users to see the results.

> 

> I can currently resolve 12 of the 16 charcters with a java routine I

> have written.  I am working on the rest.




Just out of curiousity have you verified what you have works, so far,
for different userid/password combinations?



I would have thought Oracle would have used a hash table with the key
being generated from the userid/password then they would be no
decryption possible since there would not be a direct translation of A
to any set value.



But if you have the time to figure this out you have way too much free
time.




Received on Fri Aug 23 2002 - 19:16:04 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US