| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: password
I don't think the x failed attempts lock will do anything. Because
in this case they are not brute forcing it by trying to log in. It
assumes you have access to the one-way encrypted(hashed) passwords
and brute force on that. Just like you got hold of the /etc/shadow file
on Unix and run cracker jack to brute force attack it. So you do need
to get hold of the file first which could be a tricky part.
-----Original Message-----
Sent: Tuesday, December 17, 2002 2:16 PM
To: Multiple recipients of list ORACLE-L
it's definitely a one-way encryption on the password, I forget where I read it but I do know that's true.
I think that in addition to a strong password, if you lock an account after x failed attempts then they'd have to be REALLY lucky to guess it on the first few tries.
Rachel
--- John Kanagaraj <john.kanagaraj_at_hds.com> wrote:
> Jared,
>
> This seems to be a 'brute force' dictionary based attack, as I
> believe the
> Oracle password is a one-way trapdoor (just as UNIX). I don't think
> this
> will be able to crack a strong password created from say a
> combination of
> the first characters of an arbitrary sentence.
>
> John Kanagaraj
> Oracle Applications DBA
> DBSoft Inc
> (W): 408-970-7002
>
> So WHO is the Reason for the Season?! Write me for details!
>
> ** The opinions and statements above are entirely my own and not
> those of my
> employer or clients **
>
>
> > -----Original Message-----
> > From: Jared.Still_at_radisys.com [mailto:Jared.Still_at_radisys.com]
> > Sent: Tuesday, December 17, 2002 9:09 AM
> > To: Multiple recipients of list ORACLE-L
> > Subject: RE: password
> >
> >
> > Hmm...
> >
> > Well maybe you *can* crack oracle passwords.
> >
> > I've just ordered the full version of this product. ( $4, I don't
> > think I need to bother the purchasing department ).
> >
> > I'll let you know how it works.
> >
> > Jared
> >
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: John Kanagaraj
> INET: john.kanagaraj_at_hds.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: wisernet100_at_yahoo.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Richard Ji INET: richard.ji_at_mobilespring.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Dec 17 2002 - 13:55:14 CST
 |
 |