mailing list archives
Re: [PEN-TEST] Oracle USER$ password hashes
From: Pawel Krawczyk <kravietz () CETI PL>
Date: Fri, 10 Nov 2000 12:56:52 +0100
On Thu, Nov 09, 2000 at 03:33:03PM +0100, Nicolas Gregoire wrote:
Since the hashes are always the same for the same password, it most
definately isn't salted....
change_on_install = D4C5016086B2DC6A
manager = D4DF7931AB130E37
Are the first 2 characters always "D4" ?
It could the fixed salt, ie. $crypted = unkown-crypt("D4", $clear);
(...) Oracle encrypts passwords using a modified DES (Data
Encryption Standards) algorithm before sending them across the
However, the given examples seems to be too long for DES output, but
maybe that's the mentioned modification.
Paweł Krawczyk <http://ceti.pl/~kravietz/>
Re: [PEN-TEST] Oracle USER$ password hashes Pawel Krawczyk (Nov 11)
[PEN-TEST] Oracle USER$ password hashes (Summary) Olle Segerdahl (Nov 14)