[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1618896585.20151115224801@netkosice.sk>
Date: Sun, 15 Nov 2015 22:48:01 +0100
From: Pepeq <pepeq@...kosice.sk>
To: john-users@...ts.openwall.com
Subject: Oracle password hash in 12c version
Hello John-users,
I'd like to ask for a help regarding password protection in newest Oracle 12c.
We do monitor Oracle(till 12c) passwords of standard users with help
of 24/7 monitoring through a solid hash that cannot be decrypted by
Oracle. It's a plain text which contains special characters and some
letters from end of the alphabet and therefore logon is not
valid/possible.
New Oracle has different controls as it doesn't accept password
hashes which are not set with a hex format. How can I ensure that
password behind the monitoring hash value is secure? Can I override
Oracle controls to set previous hash? I have a script in order to
change passwords regularly, but I don't like this solution as I
assume that even newest Oracle password hash can be cracked easily.
Lock of the users is not enough for the sake of audit.
--
Best regards,
Pepeq mailto:pepeq@...kosice.sk
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
