Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Oracle USER$ password hashes
From: Pawel Krawczyk <kravietz () CETI PL>
Date: Fri, 10 Nov 2000 12:56:52 +0100

On Thu, Nov 09, 2000 at 03:33:03PM +0100, Nicolas Gregoire wrote:

Since the hashes are always the same for the same password, it most
definately isn't salted....
change_on_install       = D4C5016086B2DC6A
manager                 = D4DF7931AB130E37
Are the first 2 characters always "D4" ?
It could the fixed salt, ie. $crypted  = unkown-crypt("D4", $clear);

(...) Oracle  encrypts  passwords  using  a  modified  DES  (Data
Encryption   Standards)  algorithm  before  sending  them  across  the


However, the given examples seems to be too long for DES output, but
maybe that's the mentioned modification.

PaweĊ‚ Krawczyk <http://ceti.pl/~kravietz/>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]