Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 15 Nov 2015 22:48:01 +0100
From: Pepeq <pepeq@...kosice.sk>
To: john-users@...ts.openwall.com
Subject: Oracle password hash in 12c version

Hello John-users,

  I'd like to ask for a help regarding password protection in newest Oracle 12c.
  We do monitor Oracle(till 12c) passwords of standard users with help
  of 24/7 monitoring through a solid hash that cannot be decrypted by
  Oracle. It's a plain text which contains special characters and some
  letters from end of the alphabet and therefore logon is not
  valid/possible.

  New Oracle has different controls as it doesn't accept password
  hashes which are not set with a hex format. How can I ensure that
  password behind the monitoring hash value is secure? Can I override
  Oracle controls to set previous hash? I have a script in order to
  change passwords regularly, but I don't like this solution as I
  assume that even newest Oracle password hash can be cracked easily.
  Lock of the users is not enough for the sake of audit.
-- 
Best regards,
 Pepeq                          mailto:pepeq@...kosice.sk

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.