Even without this parameter being set the password is encrypted. What the
parameter does is stop the password from being sent in the clear if logging in
with the encrypted password fails. I believe the encryption is a
54-bit variant of DES. It is very rare that someone improves
DES by fiddling with it. It also always encrypts to the same value and
provides no protection against replay attacks.
Ian MacGregor
Stanford Linear Accelerator Center
-----Original Message-----
From: Richard Huntley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 9:34 AM
To: Multiple recipients of list ORACLE-L
Subject: ORA_ENCRYPT_LOGIN

Anyone using this and if so, do you know of a way to verify that the password is actually being encrypted?

Thanks.
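
The replay point raised in the reply above, as an added example that is not part of the original thread: a login token that always encrypts to the same value is accepted when resent, while a response bound to a fresh server nonce is not. The key derivation and all class and function names are hypothetical stand-ins and do not reproduce Oracle's algorithm.

```python
import hashlib, hmac, secrets

def verifier(password):
    # Stand-in key derivation (assumption); NOT Oracle's password algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

class StaticServer:
    """Accepts a deterministic token: identical bytes on every login."""
    def __init__(self, password):
        self.expected = verifier(password)
    def login(self, token):
        return hmac.compare_digest(token, self.expected)

class ChallengeServer:
    """Issues a fresh single-use nonce; a valid response is bound to it."""
    def __init__(self, password):
        self.key = verifier(password)
        self.pending = set()
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def login(self, nonce, response):
        if nonce not in self.pending:
            return False          # unknown or already-used nonce
        self.pending.discard(nonce)
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(password, nonce):
    return hmac.new(verifier(password), nonce, hashlib.sha256).digest()

def demo():
    pw = "constructed-password"   # constructed sample value
    static = StaticServer(pw)
    wire1, wire2 = verifier(pw), verifier(pw)   # bytes seen on two logins
    results = {"static_identical": wire1 == wire2,
               "static_replay": static.login(wire1)}  # captured bytes resent
    chal = ChallengeServer(pw)
    n1 = chal.challenge()
    r1 = client_response(pw, n1)
    results["fresh_login"] = chal.login(n1, r1)
    results["replay_same_nonce"] = chal.login(n1, r1)   # nonce consumed
    results["replay_new_nonce"] = chal.login(chal.challenge(), r1)
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing the bytes of two logins for the same account is also a quick check when reviewing a capture: identical payloads mean the exchange is replayable even though the password is not in the clear.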
