Re: Oracle password encryption algorithm?SKIP

From: PIOCH Nicolas <pioch_at_poly.polytechnique.fr>
Date: Mon, 5 Jul 1993 14:08:54 GMT
Message-ID: <C9p3Au.889_at_polytechnique.fr>


In his delirium, gur_at_hadassah.bitnet
babbled the following on comp.databases.oracle,comp.security.misc: X In article <1993Jul2.213313.16282_at_exlog.com>, lparsons_at_exlog.com (Lee Parsons) writes:

X > In article <1993Jul1.134033.1_at_cbr.hhcs.gov.au> pihlab_at_cbr.hhcs.gov.au writes:
X >>then there would be no point in having a password because the encrypted value
X >>is stored (visible) in the database and you could run a program to crack
X Just compare the situation with the VMS passwords. X Not only the algorithm is known, but there is even a system service to X encrypt a string using it. However the users authorization file is X inaccessible to unprivileged mortals.

Just compare the situation with the Uni*x passwords. Not only is the algorithm known, but there is even a system service to encrypt a string using it, and packages to crack /etc/passwd's files, and users gaining rewt access because r00t has a suid-bit shell-script to clean /tmp or reset the printer or whatever. Received on Mon Jul 05 1993 - 16:08:54 CEST

Original text of this message