| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: ORA_ENCRYPT_LOGIN
Even without this parameter being set the password is encrypted. What the parameter does is stop the password from being sent in the clear if logging in with the encrypted password fails. I believe the encryption is a 54-bit variant of DES. It is very rare that someone improves DES by fiddling with it. It also always encrypts to the same value and provides no protection against replay attacks.
Ian MacGregor
Stanford Linear Accelerator Center
ian_at_SLAC.Stanford.edu <mailto:ian_at_SLAC.Stanford.edu>
-----Original Message-----
Sent: Tuesday, May 21, 2002 9:34 AM
To: Multiple recipients of list ORACLE-L
Anyone using this and if so, do you know of a way to verify that the password is actually being encrypted?
Thanks.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: MacGregor, Ian A.
INET: ian_at_SLAC.Stanford.EDU
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Tue May 21 2002 - 19:18:21 CDT
 |
 |