Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle USER$ password hashes
From: Wolfgang Zenker <wolfgang () JPAVES DE>
Date: Fri, 10 Nov 2000 13:38:03 +0100
Michael Owen wrote:
- is there really a salt (just install two users with the same PW)
Yes. I created 10 users with the same PW, and all had different hashes.
As we have seen in another reply the encrypted password might depend on the name as well as the cleartext password. So to see if a salt is used in password encryption you should create the same user/password-combination on two different systems and check if you get the same encrypted password on both systems. If this is the case, no salt is used. Wolfgang Zenker -- Wolfgang Zenker Mail: W.Zenker () jpaves de JPAVES Unix Online GmbH Fon: (+49) 721 / 955 40 60 Kaiserallee 87 Fax: (+49) 721 / 955 40 62 D-76185 Karlsruhe Web: www.jpaves.de
Current thread:
- Re: [PEN-TEST] Oracle USER$ password hashes, (continued)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes John Lauro (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Pete Krawczyk (Nov 11)
- Re: [PEN-TEST] Oracle USER$ password hashes Pawel Krawczyk (Nov 11)
- [PEN-TEST] Oracle USER$ password hashes (Summary) Olle Segerdahl (Nov 14)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Dragos Ruiu (Nov 16)
- Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Stefan Aeschbacher (Nov 17)
- Re: [PEN-TEST] Oracle USER$ password hashes Wolfgang Zenker (Nov 11)