Re: getting users passwords in plain text
- From: "Rich Jesse" <rjoralist@xxxxxxxxxxxxxxxxxxxxx>
- To: "Oracle-L Freelists" <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 16 Oct 2007 10:55:07 -0500 (CDT)
I have to say that I can't think of a valid reason to grab all passwords in
the database and you haven't given much information on this.
That
being said, the only viable way I know of to get the cleartext password is
to brute force it. I would hope that the folks on this list would have
enough sense to not offer more than Google already can on this...
FYI, if you can brute force about a million iterations per second per CPU
(e.g. Intel T7200), you're looking at a maximum of a day to crack each
7-character password, 33 days for 8 chars, 3+years for 9, and ~116 years for
a 10-char password.
So, unless everyone has very easy passwords,
you're best bet is to manage changing them.
GL,
Rich
> i thought of doing a insert into mytable values
(username,password);
> in the
$ORACLE_HOME/rdbms/admin/utlpwdmg.sql
>
<http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96536/ch53.htm#1005955>
> but i don't wanne edit or write anything more looking for a
scritp
> that converts the hase to plain text
--
//www.freelists.org/webpage/oracle-l
Other related posts:
