Penetration Testing mailing list archives

[PEN-TEST] Oracle USER$ password hashes (Summary)

From: Olle Segerdahl <olle () NXS SE>
Date: Mon, 13 Nov 2000 16:27:07 +0100

Ok, what I can understand from the answers in this thread:

The password and username are case insensitive by default (double quote exeption exists)

Both password and username can be 1 to 30 characters long

The password hash is a 8 byte string in hex notation (ie. 8 bytes large)

The password hash is salted with the uppercased username


So, anybody have any idea of what algorithms might be used to generate 8 bytes output from two 1-30 byte strings?

/olle

Current thread:

[PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
- Re: [PEN-TEST] Oracle USER$ password hashes Nicolas Gregoire (Nov 10)
  - Re: [PEN-TEST] Oracle USER$ password hashes Olle Segerdahl (Nov 10)
    - Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 10)
    - Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 10)
    - Re: [PEN-TEST] Oracle USER$ password hashes Stefan Aeschbacher (Nov 11)
    - Re: [PEN-TEST] Oracle USER$ password hashes Edwards, Steve (Nov 11)
    - Re: [PEN-TEST] Oracle USER$ password hashes John Lauro (Nov 11)
    - Re: [PEN-TEST] Oracle USER$ password hashes Pete Krawczyk (Nov 11)
  - Re: [PEN-TEST] Oracle USER$ password hashes Pawel Krawczyk (Nov 11)
  - [PEN-TEST] Oracle USER$ password hashes (Summary) Olle Segerdahl (Nov 14)
    - Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Dragos Ruiu (Nov 16)
    - Re: [PEN-TEST] Oracle USER$ password hashes (Summary) Stefan Aeschbacher (Nov 17)
- <Possible follow-ups>
- Re: [PEN-TEST] Oracle USER$ password hashes Michael Owen (Nov 10)
  - Re: [PEN-TEST] Oracle USER$ password hashes Wolfgang Zenker (Nov 11)