Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: cracking Oracle passwds
The idea isfor the oracle dba to use a 'crack' utility to expose guessable or lame passwords and inform the oracle user their password needs to be decent.
I know crack does good work for unix sysadmin folks. Oracle should have a similar tool. In my searching of the oracle docs I have found none. I figured there may be other methods to apply.
The method 2 is what I would like to try. Does oracle used the same hash algorythm as Unix to encrypt passwords? If not, what is the hashing algorythm they use? I would not be against putting some time into a perl to encrypt strings for comparison.
GC wrote in message <38C6DE3F.C7E1CE04_at_hotmail.com>...
>Steven Hauser wrote:
>> 2> as sys get the encrypted string version of the password from
>> dba_users, figure out the crypt calls from oracle
>> start crypting and comparing to the encrypted string.
>
>If you have sys, there is no need to do this. There is already a command
>that allows you to change a users password, login in as the user, and
>change is back to the original password when you are done.
>
>Cheers,
>GC
Received on Thu Mar 09 2000 - 00:00:00 CST
![]() |
![]() |