The password in your example is not encrypted, it's hashed. And the difference is that hashing is irreversible, i.e. you can't know the original password knowing the hash only (without employing special computationally extensive techniques).
So the answer to your question whether you can evaluate existing passwords by hash only is: not in the general case.
One way to fix that is to force a password rotation for the existing users, i.e. mark their passwords as expired. Then you still won't know their passwords, by they'd be able to login and change them so that they comply with the newly enforced password strength policy.
for more details on password expiration.
June 07, 2016 01:27AM
July 11, 2016 02:53AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.