Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: password

RE: password

From: <Jared.Still_at_radisys.com>
Date: Tue, 17 Dec 2002 11:34:41 -0800
Message-ID: <F001.0051BA24.20021217113441@fatcity.com> 





Ari,



If the algorithm is any good, the cracker should
find SHO3LAC3, as that is a weak password.



Unix crackers would pick this up.



Jared








"Ari Kaplan" <ari.kaplan_at_xb.com>


Sent by: root_at_fatcity.com


 12/17/2002 10:44 AM


 Please respond to ORACLE-L

 

        To:     Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
        cc: 
        Subject:        RE: password






This program does not reverse-engineer or decrypt Oracle passwords. It 
does


a dictionary forward brute-force "hack". So, if the user's password is not
in the list of pre-defined words then the password is never revealed. This
just encourages DBAs to enforce password management. See the 
verify_function


for password management in Oracle for details.



For example, setting your password to "SHOELACE" would be detected by this
program, as it is in the English dictionary. "SH03LAC3" would not.



Basic rules of having a combination of characters, numbers, and 
punctuation


marks, and not writing your password on a slip of paper by your monitor, 
all


lead to a safe environment.



-Ari



-----Original Message-----


Carmichael


Sent: Tuesday, December 17, 2002 12:14 PM
To: Multiple recipients of list ORACLE-L




oh this is very scary.... especially that price



did you try out the demo? I'm still in "catch-up, deal with crises"
mode so I haven't had a chance



Rachel





-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Ari Kaplan
  INET: ari.kaplan_at_xb.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).




-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: Jared.Still_at_radisys.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Tue Dec 17 2002 - 13:34:41 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US