Re: Oracle Password Encryption Algorithm

From: Chris Urban <christopher.urban_at_msfc.nasa.gov>
Date: 1997/03/13
Message-ID: <33282EA5.1041_at_msfc.nasa.gov>#1/1

Rob van Lopik wrote:

> > If the alogorithm were published, it would kind of defeat the purpose
> > of having a password now, wouldn't it???
>
> No, it doesn't, because it is supposed to be one-way only. Your password
> gets hashed into something that is stored in the database, but the
> algorithm cannot be run the other way around, that is, you cannot produce
> the clear password from the rubbish that you will find in DBA_USERS.
> Give me one week, an encoded password, and a 'one way' algorithm and I
guarantee you I can come up with the original password. This would pose a major security risk for Oracle to publish. Lets be realistic. Received on Thu Mar 13 1997 - 00:00:00 CET

This message: [ Message body ]
Next message: jim cox: "Re: Oracle Password Encryption Algorithm"
Maybe in reply to: Frank Kobylanski: "Re: Oracle Password Encryption Algorithm"
In reply to Rob van Lopik: "Re: Oracle Password Encryption Algorithm"
Next in thread: jim cox: "Re: Oracle Password Encryption Algorithm"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message