Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "undocumented Oracle?"] [Next entry: "Red Database Security has released more Oracle password algorithm information"]

Details of the Oracle password algorithm were revealed by its creator in 1993



I was just emailed by Rajendra to remind me that there is a usenet post describing the Oracle password algorithm posted in 1993 by Bob Baldwin - the presumed creator. The post is titled "Oracle password encryption algorithm?" and it was posted to comp.security.misc. I first came across this post a few years ago - I think in 2001. It gives an overview of the algorithm used, design goals and pseudo code and its flow and text is coincidentally structured similarly to the post on c.d.o.s I mentioned yesterday in my post "Crack Oracle Security like a peanut!".