Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle USER$ password hashes
From: Pawel Krawczyk <kravietz () CETI PL>
Date: Fri, 10 Nov 2000 12:56:52 +0100
On Thu, Nov 09, 2000 at 03:33:03PM +0100, Nicolas Gregoire wrote:
Since the hashes are always the same for the same password, it most definately isn't salted.... ... change_on_install = D4C5016086B2DC6A manager = D4DF7931AB130E37Are the first 2 characters always "D4" ? It could the fixed salt, ie. $crypted = unkown-crypt("D4", $clear);
(...) Oracle encrypts passwords using a modified DES (Data Encryption Standards) algorithm before sending them across the network. http://oradoc.photo.net/ora81/DOC/server.815/a67784/toc.htm However, the given examples seems to be too long for DES output, but maybe that's the mentioned modification. -- Paweł Krawczyk <http://ceti.pl/~kravietz/>
Current thread:
- [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Nicolas Gregoire (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes John Lauro (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Pete Krawczyk (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Nicolas Gregoire (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Dragos Ruiu (Nov 16)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Stefan Aeschbacher (Nov 17)
- <Possible follow-ups>
- Re: [PEN-TEST] Oracle USER$ password hashes Michael Owen (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Wolfgang Zenker (Nov 11)