Rachel Carmichael wrote:
> 
> How does trying a password on your own private database help crack a
> password on a different database?
> 
> I vaguely recall a conversation (I *think* it was with Kevin Loney)
> that part of the encryption key is the database name as well.
> 

Rachel,

   This is probably wrong, otherwise you would have to reinitiate
passwords each time you do a full import (which recreates the users with
'IDENTIFIED BY VALUES' - e.g. reloads the encrypted password as is) or clone
a database. What it depends on for sure is the username and/or user#,
because the same password given to different users hashes into something
different. It is more likely to be the user#; I _think_ that I remember that
if you drop a user and recreate the account with the same password, the
resulting encrypted password is different.
-- 
Regards,

Stephane Faroult
Oriole Software
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com