Penetration Testing mailing list archives
[PEN-TEST] Oracle USER$ password hashes
From: Olle Segerdahl <olle () NXS SE>
Date: Thu, 9 Nov 2000 11:02:37 +0100
Does anyone have a clue as to what "encrytion" method Oracle (7.x, 8.x) uses to store passwords in the SYS.USER$ table? Since the hashes are always the same for the same password, it most definately isn't salted.... An example (the default passwords of SYS and SYSTEM): change_on_install = D4C5016086B2DC6A manager = D4DF7931AB130E37 /olle
Current thread:
- [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Nicolas Gregoire (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes John Lauro (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Pete Krawczyk (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Nicolas Gregoire (Nov 10)