Also should be machine/OS/database_release independent for the same reason.
(username & encrypted password are hardcoded in the export file, and they
get cloned exactly during the import. So the algorithm has to be unique and
consistent.
Waleed
-----Original Message-----
Sent: Tuesday, December 17, 2002 5:47 PM
To: 'ORACLE-L_at_fatcity.com'
It has to be this way to guarantee the backward/forward compatibility of
Oracle export files.
Regards,
Waleed
-----Original Message-----
Sent: Tuesday, December 17, 2002 5:22 PM
To: Multiple recipients of list ORACLE-L
I've tested this on versions 7 - 9.
Version and platform do not matter. Hash is
determined by username and password.
Jared
david hill <david.hill_at_lechateau.ca>
Sent by: root_at_fatcity.com
12/17/2002 01:26 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: RE: password
I created a user test identified by test on 2 separate systems in db's
with different names
The password value was the same
Can someone verify if it is the same on their system
Create user test identified by test;
select password from dba_users where username = 'TEST';
PASSWORD
7A0F2B316C212D67
-----Original Message-----
Sent: Tuesday, December 17, 2002 3:15 PM
To: Multiple recipients of list ORACLE-L
how does trying a password on your own private database help crack a
password on a different database?
I vaguely recall a conversation (I *think* it was with Kevin Loney)
that part of the encryption key is the database name as well.
- Ari Kaplan <ari.kaplan_at_xb.com> wrote:
> This program allows you to attemp password "guesses" on a different
> database. So, the program gets around the "x invalid tries and the
> account
> locks" by enabling the user to try passwords on their own private
> database.
>
> That's what their documentation said, anyway.
>
> -Ari
> -----Original Message-----
> Carmichael
> Sent: Tuesday, December 17, 2002 1:16 PM
> To: Multiple recipients of list ORACLE-L
>
>
> it's definitely a one-way encryption on the password, I forget where
> I
> read it but I do know that's true.
>
> I think that in addition to a strong password, if you lock an account
> after x failed attempts then they'd have to be REALLY lucky to guess
> it
> on the first few tries.
>
> Rachel
> --- John Kanagaraj <john.kanagaraj_at_hds.com> wrote:
> > Jared,
> >
> > This seems to be a 'brute force' dictionary based attack, as I
> > believe the
> > Oracle password is a one-way trapdoor (just as UNIX). I don't think
> > this
> > will be able to crack a strong password created from say a
> > combination of
> > the first characters of an arbitrary sentence.
> >
> > John Kanagaraj
> > Oracle Applications DBA
> > DBSoft Inc
> > (W): 408-970-7002
> >
> > So WHO is the Reason for the Season?! Write me for details!
> >
> > ** The opinions and statements above are entirely my own and not
> > those of my
> > employer or clients **
> >
> >
> > > -----Original Message-----
> > > From: Jared.Still_at_radisys.com [mailto:Jared.Still_at_radisys.com]
> > > Sent: Tuesday, December 17, 2002 9:09 AM
> > > To: Multiple recipients of list ORACLE-L
> > > Subject: RE: password
> > >
> > >
> > > Hmm...
> > >
> > > Well maybe you *can* crack oracle passwords.
> > >
> > > I've just ordered the full version of this product. ( $4, I
> don't
> > > think I need to bother the purchasing department ).
> > >
> > > I'll let you know how it works.
> > >
> > > Jared
> > >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: John Kanagaraj
> > INET: john.kanagaraj_at_hds.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting
> services
> >
> ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like
> subscribing).
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Rachel Carmichael
> INET: wisernet100_at_yahoo.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Ari Kaplan
> INET: ari.kaplan_at_xb.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: wisernet100_at_yahoo.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: Jared.Still_at_radisys.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Khedr, Waleed
INET: Waleed.Khedr_at_FMR.COM
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Tue Dec 17 2002 - 16:57:10 CST
