ASO Encryption Question

  • From: "Scott Canaan" <srcdco@xxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 15 Mar 2007 08:56:40 -0400

    We have been tasked with explaining exactly how Oracle implements
ASO.  The security person has already done some legwork to determine
that Oracle uses a Diffie-Hellman algorithm to come up with a session
key.  Since the default Diffie-Hellman algorithm is subject to a "man in
the middle" attack, Oracle folds in some other piece of authentication.
The Oracle documentation is vague on what that piece of authentication
is, which is understandable.  However, he has been tasked with
explaining in detail how it works so that the connection can be declared
as secure.

    His guess is that the piece of authentication is the username /
password or just the password.  Can someone enlighten us on what exactly
that piece of authentication is?

 

Thank you,

 

Scott Canaan '88 (Scott.Canaan@xxxxxxx)

(585) 475-7886

"Life is like a sewer, what you get out of it depends on what you put
into it." - Tom Lehrer.
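
The point raised in the post above, that plain Diffie-Hellman is open to a man in the middle unless some authentication is folded in, as an added example that is not part of the original post and is not Oracle's mechanism (which the post describes as vaguely documented). It assumes the poster's guess of a shared password: each side MACs the public values it saw under a password-derived key. The toy 127-bit group, the salt and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (2**127 - 1 is prime); real use needs >= 2048 bits.
P = 2**127 - 1
G = 3
SALT = b"constructed-demo-salt"  # constructed sample value


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Hash the Diffie-Hellman shared secret into a session key."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def transcript_tag(password, client_pub, server_pub):
    """HMAC over both public values, keyed from the shared password."""
    key = hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)
    transcript = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    return hmac.new(key, transcript, hashlib.sha256).digest()


def run_exchange(password, intercepted):
    """Return (session keys match, server accepts the client's tag)."""
    c_priv, c_pub = keypair()  # client
    s_priv, s_pub = keypair()  # server
    if intercepted:
        # An active party in the path replaces both public values with its own.
        _, m_pub = keypair()
        seen_by_client, seen_by_server = m_pub, m_pub
    else:
        seen_by_client, seen_by_server = s_pub, c_pub
    k_client = session_key(c_priv, seen_by_client)
    k_server = session_key(s_priv, seen_by_server)
    # Each side MACs the transcript as it observed it; substitution makes them differ.
    client_tag = transcript_tag(password, c_pub, seen_by_client)
    server_expects = transcript_tag(password, seen_by_server, s_pub)
    return k_client == k_server, hmac.compare_digest(client_tag, server_expects)


if __name__ == "__main__":
    print("clean path:      ", run_exchange(b"constructed-password", False))
    print("substituted keys:", run_exchange(b"constructed-password", True))
```

Anyone who records such a tag can test password guesses against it offline, which is why password-authenticated key exchange protocols exist; the sketch shows only why binding the exchange to a shared secret exposes substituted public values.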

 
