Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: cracking Oracle passwds

Re: cracking Oracle passwds

From: Greg Tupper <gtupper_at_tupper.dhs.org>
Date: 2000/03/09
Message-ID: <IrEx4.11464$%85.101905@hnlnewsr1.hawaii.rr.com>#1/1

The idea isfor the oracle dba to use a 'crack' utility to expose guessable or lame passwords and inform the oracle user their password needs to be decent.

I know crack does good work for unix sysadmin folks. Oracle should have a similar tool. In my searching of the oracle docs I have found none. I figured there may be other methods to apply.

The method 2 is what I would like to try. Does oracle used the same hash algorythm as Unix to encrypt passwords? If not, what is the hashing algorythm they use? I would not be against putting some time into a perl to encrypt strings for comparison.

GC wrote in message <38C6DE3F.C7E1CE04_at_hotmail.com>...
>Steven Hauser wrote:
>> 2> as sys get the encrypted string version of the password from
>> dba_users, figure out the crypt calls from oracle
>> start crypting and comparing to the encrypted string.
>
>If you have sys, there is no need to do this. There is already a command
>that allows you to change a users password, login in as the user, and
>change is back to the original password when you are done.
>
>Cheers,
>GC
Received on Thu Mar 09 2000 - 00:00:00 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US