Oracle Password Hashing Algorithm
Oracle hashes passwords into a hexadecimal string using the following steps:
- Concatenate the username and the password to produce a plaintext string;
- Convert the plaintext string to uppercase characters;
- Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00;
- Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
- Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.
Last modified: 2012/02/01 15:38:32.750259 US/Eastern by
Created: 2008/02/14 09:25:8.401000 US/Eastern by curtis.f.smith.1.
Type in a few keywords describing what information you are looking for in the text box below.