Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> ASO Encryption Question

ASO Encryption Question

From: Scott Canaan <srcdco_at_rit.edu>
Date: Thu, 15 Mar 2007 08:56:40 -0400
Message-ID: <D0A642D37DE30842AA667A9AFFE3951A03675387@svits11.main.ad.rit.edu> 





    We have been tasked with explaining exactly how Oracle implements
ASO.  The security person has already done some leg work to determine
that Oracle uses a Diffie-Hellman algorithm to come up with a session
key.  Since the default Diffie-Hellman algorithm is subject to a "man in
the middle" attack, Oracle folds in some other piece of authentication.
The Oracle documentation is vague on what that piece of authentication
is, which is understandable.  However, he has been tasked with
explaining in detail how it works so that the connection can be declared
as secure.



    His guess is that the piece of authentication is the username /
password or just the password.  Can someone enlighten us on what exactly
that piece of authentication is?

 



Thank you,

 



Scott Canaan '88 (Scott.Canaan_at_rit.edu)



(585) 475-7886



"Life is like a sewer, what you get out of it depends on what you put
into it." - Tom Lehrer.

 



--
http://www.freelists.org/webpage/oracle-l


Received on Thu Mar 15 2007 - 07:56:40 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US