I've tested this on versions 7 - 9.
Version and platform do not matter. Hash is
determined by username and password.
Jared
david hill <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
12/17/2002 01:26 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: password
I created a user test identified by test on 2 separate systems in db's
with different names
The password value was the same
Can someone verify if it is the same on their system
Create user test identified by test;
select password from dba_users where username = 'TEST';
PASSWORD
------------------------------
7A0F2B316C212D67
-----Original Message-----
Sent: Tuesday, December 17, 2002 3:15 PM
To: Multiple recipients of list ORACLE-L
how does trying a password on your own private database help crack a
password on a different database?
I vaguely recall a conversation (I *think* it was with Kevin Loney)
that part of the encryption key is the database name as well.
--- Ari Kaplan <[EMAIL PROTECTED]> wrote:
> This program allows you to attemp password "guesses" on a different
> database. So, the program gets around the "x invalid tries and the
> account
> locks" by enabling the user to try passwords on their own private
> database.
>
> That's what their documentation said, anyway.
>
> -Ari
> -----Original Message-----
> Carmichael
> Sent: Tuesday, December 17, 2002 1:16 PM
> To: Multiple recipients of list ORACLE-L
>
>
> it's definitely a one-way encryption on the password, I forget where
> I
> read it but I do know that's true.
>
> I think that in addition to a strong password, if you lock an account
> after x failed attempts then they'd have to be REALLY lucky to guess
> it
> on the first few tries.
>
> Rachel
> --- John Kanagaraj <[EMAIL PROTECTED]> wrote:
> > Jared,
> >
> > This seems to be a 'brute force' dictionary based attack, as I
> > believe the
> > Oracle password is a one-way trapdoor (just as UNIX). I don't think
> > this
> > will be able to crack a strong password created from say a
> > combination of
> > the first characters of an arbitrary sentence.
> >
> > John Kanagaraj
> > Oracle Applications DBA
> > DBSoft Inc
> > (W): 408-970-7002
> >
> > So WHO is the Reason for the Season?! Write me for details!
> >
> > ** The opinions and statements above are entirely my own and not
> > those of my
> > employer or clients **
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, December 17, 2002 9:09 AM
> > > To: Multiple recipients of list ORACLE-L
> > > Subject: RE: password
> > >
> > >
> > > Hmm...
> > >
> > > Well maybe you *can* crack oracle passwords.
> > >
> > > I've just ordered the full version of this product. ( $4, I
> don't
> > > think I need to bother the purchasing department ).
> > >
> > > I'll let you know how it works.
> > >
> > > Jared
> > >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: John Kanagaraj
> > INET: [EMAIL PROTECTED]
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting
> services
> >
> ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like
> subscribing).
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Rachel Carmichael
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Ari Kaplan
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
