Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: password encryption

From: Vladimir M. Zakharychev <bob--nospam--_at_dynamicpsp.com>
Date: Tue, 13 Jun 2006 11:13:27 +0400
Message-ID: <e6loir$gs7$1@hypnos.nordnet.ru>

"Andreas Moroder" <Andreas.moroder@[nospam]sb-brixen.it> wrote in message news:e6jjnj$kdt$1_at_news.dtag.de...
> Mark D Powell wrote:
>> If you are referring to the internal database storage of passwords then
>> the password is not encrypted; it is hashed. A paper has been
>> published on how to break the Oracle hash, but I do not think the
>> approximate 20 day average time to crack the hash will work for your
>> purposes.
> ....
>
> hello Mark,
>
> no plans to crack it. Even the passwords in md5 are not encrypted but hashed
> with MD5. If even oracle uses md5 it should be possible to simply import
> the openldap password into the oracle dba_users table and it should work.
>
> Bye
> Andreas

No, not MD5. Oracle uses a proprietary hashing algorithm. As previously noted, there is a paper on cracking Oracle password hashes which describes the algorithm in detail. However, even if it was MD5, you couldn't "simply import the openldap password into the oracle dba_users table", because it's not a table, but a view on top of a system table that's normally protected from direct modifications (of course, if you're SYSDBA, you can hack around the dictionary at will, but you will end up with an unsupported database at least and damaged beyond repair at worst.) One thing you can do is to write a password verification function and use dbms_ldap to sync the directory with the password being verified. This will allow you to sync Oracle to LDAP, but not back (not what you want.) Another way is to use Oracle Internet Directory and Advanced Security Option to have Oracle users authenticated globally. The docs say that third-party directory services are supported under certain conditions, too. This solution is pretty expensive though.

Regards,

   Vladimir M. Zakharychev
   N-Networks, makers of Dynamic PSP(tm)    http://www.dynamicpsp.com

Received on Tue Jun 13 2006 - 02:13:27 CDT
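
The password verification function approach mentioned in the reply above, sketched in PL/SQL as an added example (not code from the original post). The host name, DNs, wallet path, credentials, the `ldap_sync_verify` function name and the `ldap_synced` profile are all placeholder assumptions; the function fails closed, so a password change is rejected if the directory cannot be updated.

```sql
-- Added example, not from the original post. Create it in the SYS schema.
-- ldap.example.com, all DNs, the wallet path and both passwords are placeholders.
CREATE OR REPLACE FUNCTION ldap_sync_verify (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN
IS
  l_session DBMS_LDAP.SESSION;
  l_mods    DBMS_LDAP.MOD_ARRAY;
  l_vals    DBMS_LDAP.STRING_COLLECTION;
  l_dn      VARCHAR2(256);
  l_rc      PLS_INTEGER;
BEGIN
  -- Quoted Oracle identifiers may contain ',' or '='; refuse them before building a DN.
  IF NOT REGEXP_LIKE(username, '^[A-Za-z0-9_$#]+$') THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password change rejected');
  END IF;
  -- Assumed directory layout: one entry per database user under ou=people.
  l_dn := 'uid=' || LOWER(username) || ',ou=people,dc=example,dc=com';
  DBMS_LDAP.USE_EXCEPTION := TRUE;  -- raise on LDAP errors instead of returning codes
  l_session := DBMS_LDAP.init('ldap.example.com', 636);
  -- The new password is sent in clear text inside the modify request, so require SSL (2 = server auth).
  l_rc := DBMS_LDAP.open_ssl(l_session, 'file:/path/to/wallet', 'wallet_password', 2);
  -- Bind as a service account that may write userPassword and nothing else.
  l_rc := DBMS_LDAP.simple_bind_s(l_session, 'cn=pwsync,dc=example,dc=com', 'bind_password');
  l_vals(1) := password;
  l_mods := DBMS_LDAP.create_mod_array(1);
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_REPLACE, 'userPassword', l_vals);
  l_rc := DBMS_LDAP.modify_s(l_session, l_dn, l_mods);
  DBMS_LDAP.free_mod_array(l_mods);
  l_rc := DBMS_LDAP.unbind_s(l_session);
  RETURN TRUE;  -- directory updated, allow the Oracle password change
EXCEPTION
  WHEN OTHERS THEN
    -- Fail closed with a generic message so directory details are not shown to the user.
    RAISE_APPLICATION_ERROR(-20001, 'Password change rejected');
END;
/
-- Attach the function to the profile of the users whose passwords should be synced.
ALTER PROFILE ldap_synced LIMIT PASSWORD_VERIFY_FUNCTION ldap_sync_verify;
```

The bind and wallet passwords embedded in the source are readable by anyone who can view SYS-owned code, so the service account should be limited to the single attribute it writes.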
