> Does "CHANGE_ON_INSTALL" have the same hash value for every
> version and every instance?

Yes, it does.

Check:  http://www.pentest-limited.com/default-user.htm

This is a pentest list of default Oracle passwords.

I've used this to create a perl script that checks for default passwords.

It doesn't matter which version of Oracle.

Jared







"Jesse, Rich" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
 12/17/2002 11:03 AM
 Please respond to ORACLE-L

 
        To:     Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
        cc: 
        Subject:        RE: password


Interesting.  Does "CHANGE_ON_INSTALL" have the same hash value for every
version and every instance?

Not being much of a hacker (anymore) I would think that with only one
algorithm and several known passwords (you can generate them yourself), this
wouldn't be much of a challenge to real hackers.  Hell, the client encrypts
it to send to the server, right?  That code could be reverse engineered,
too.  BTW, VMS has many algorithms in play to help prevent such an attack on
its passwords.  <plug plug>

Oh to have the spare time of a 15-year old again...  :)

Rich


Rich Jesse                           System/Database Administrator
[EMAIL PROTECTED]              Quad/Tech International, Sussex, WI USA

> -----Original Message-----
> From: Ruth Gramolini [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 17, 2002 12:39 PM
> To: Multiple recipients of list ORACLE-L
> Subject: Re: password
> 
> 
> Wrong, I took my first Oracle class with a woman who had cracked the
> algorithm.  At the time, I didn't know enough to ask her for it.
> 
> Ruth
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 17, 2002 12:04 PM
> 
> 
> How? Oracle does not publish the password encryption algorithm,
> and I don't believe anyone has cracked it.
> 
> Jared
> 
> 
> 
> 
> 
> 
> Paulo Gomes <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
>  12/17/2002 04:38 AM
>  Please respond to ORACLE-L
> 
> 
>         To:     Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>         cc:
>         Subject:        RE: password
> 
> 
> Nope, you can get the encrypted password from the Oracle dictionary
> -----Original Message-----
> Sent: Tuesday, 17 December 2002 11:34
> To: Multiple recipients of list ORACLE-L
> 
> Check the post-it note on their monitor?
> 
> :)
> -----Original Message-----
> Sent: 17 December 2002 10:55
> To: Multiple recipients of list ORACLE-L
> 
> he can't but he can change it to a new one and then put the old back on
> -----Original Message-----
> Sent: Tuesday, 17 December 2002 4:09
> To: Multiple recipients of list ORACLE-L
> 
> How can a DBA see the password of a user?
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



