Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Oracle USER$ password hashes (Summary)
From: Dragos Ruiu <dr () KYX NET>
Date: Tue, 14 Nov 2000 23:01:45 -0800

On Mon, 13 Nov 2000, Olle Segerdahl wrote:
Ok, what I can understand from the answers in this thread:
The password and username are case insensitive by default (double quote exeption exists)
Both password and username can be 1 to 30 characters long
The password hash is a 8 byte string in hex notation (ie. 8 bytes large)
The password hash is salted with the uppercased username
So, anybody have any idea of what algorithms might be used to generate 8 bytes output from two 1-30 byte strings?

Ok, I have to ask....
Why has no-one disassembled oracle's hash program itself?
The above effort seems like trying to reverse engineer a paper shredder
by analyzing shredded paper instead of taking the device apart.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]