SEC_CASE_SENSITIVE_LOGON deprecated in 12C

Appears that the parameter SEC_CASE_SENSITIVE_LOGON has been deprecated in  12c, is retained for compatibility with version before. This parameter was a new feature in version 11g, and make passwords case sensitive,  because it was easier to crack passwords in oracle if they were case insensitive. Eg;

 

If we have a password of 4 characters, letters A’s

  • aaaa,  are four characters and a unique combination, just have to try to crack yyyy one time.
  • aAaA, are 2 * 2 * 2 * 2 is 16 combinations, have to try to crack 16 times aaaa, Aaaa, aaaa, aaaa, …  in this case is 16 times more complex break the password  than in the previous case.

 

HTH – Antonio NAVARRO

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s