Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Evading Oracle IDS and audit appliances"] [Next entry: "Integrigy have released a completely new version of their listener check tool"]

Oracle 11g will have SHA-1 hashed passwords and case sensitive passwords

I was made aware today by someone that the new release of Oracle, currently known as 11g or 11.1 will have case sensitive passwords and also the password algorithm has changed to SHA-1 instead of the old DES based hashing used.

It also seems that passwords hashed on 10gR2 and lower where the database has been upgraded to 11g will retain case insensitive passwords. This hints at the old DES based password algorithm still being available in 11g as well. I cannot confirm this as I am not a beta customer (indeed if I was I couldnt confirm it either!) and I am sure my source isn't either but they found out quite reliably so i am sure its correct.

This is good news that Oracle seem to be taking security very seriously in 11g.