I don't think that you are going to be able to get a password encryption package that
will work exactly the same for each OS and DB. they all have their own "seed" and
algorithm that is proprietary to them. I once saw a professional hacker decrypt our
passwords on a training server that had a flavor of Unix. He knew the "seed" for the
version and it took 24 hrs to decrypt them. He did not know the "seed" or the
algorithm for the DB and was unable to decrypt it.
If they all worked the same it would be a simpler task to decrypt and break into any
system you had access to.
I would suggest that you use another method of verification for the OS and DB. Is it
that the users do not want to have to change their own passwords for the OS and DB.
Isn't it a security violation to have all of the users passwords the same?
Just a thought. $.02
ROR m���m
>>> [EMAIL PROTECTED] 07/31/01 11:28AM >>>
The problem is that I need one to encrypt a password in the same manner as
the Sun OS. This is because we use the database to populate /etc/passwd.
So if the OS can't compare passwords with what is stored in the database,
then nobody will be able to log into the Unix box.
Thanks for you help,
Rick Stephenson
Date: Mon, 30 Jul 2001 14:57:34 -0400
Subject: RE: Encrypting a password
DBMS_OBFUSCATION package is exactly what you want.
I have build something like this with DBMS_OBFUSCATION although I did not
compare against /etc/passwd.
I simply provided a "login" procedure, createKey, savePassword,
retrievePassword.
I used a createKey function to create keys that were basically RAW(128) if
I
remember correctly, then I had password stored encrypted in the database,
then another table with a FK to the user table which stored the key in
encrypted form.
You would need to join the key table with the encrypted password to decrypt
or cross exam.
"Walking on water and developing software from a specification are easy if
both are frozen."
Christopher R. Spence
Oracle DBA
Fuelspot
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Ron Rogers
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
