
Oracle Password Hashing Algorithm

Oracle hashes passwords into a hexadecimal string using the following steps:

  1. Concatenate the username and the password to produce a plaintext string;
  2. Convert the plaintext string to uppercase characters;
  3. Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00;
  4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
  5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.
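
The five steps above, written out as an added example; it is not code from the original article or from Oracle. It carries a small pure-Python DES so that it runs offline. The all-zero CBC IV is an assumption (the article does not state one), and the function names are illustrative.

```python
IP = [s - 8 * j for s in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]
FP = [IP.index(i + 1) + 1 for i in range(64)]  # final permutation = inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = ([s - 8 * j for s in (57, 58, 59) for j in range(8)] + [60, 52, 44, 36]
       + [s - 8 * j for s in (63, 62, 61) for j in range(8)] + [28, 20, 12, 4])
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
SBOX = [[int(c, 16) for c in s] for s in (  # S1..S8 in hex: 4 rows of 16 entries each
    "E4D12FB83A6C59070F74E2D1A6CB953841E8D62BFC973A50FC8249175B3EA06D F18E6B34972DC05A3D47F28EC01A69B50E7BA4D158C6932FD8A13F42B67C05E9 "
    "A09E63F51DC7B428D709346A285ECBF1D6498F30B12C5AE71AD069874FE3B52C 7DE3069A1285BC4FD8B56F03472C1AE9A690CB7DF13E52843F06A1D8945BC72E "
    "2C417AB6853FD0E9EB2C47D150FA3986421BAD78F9C5630EB8C71E2D6F09A453 C1AF92680D34E75BAF427C9561DE0B389EF528C3704A1DB6432C95FABE17608D "
    "4B2EF08D3C975A61D0B7491AE35C2F8614BDC37EAF6805926BD814A7950FE23C D2846FB1A93E50C71FD8A374C56B0E927B419CE206ADF35821E74A8DFC90356B").split()]

def perm(v, table, n):  # permute n-bit integer v; table is 1-based, bit 1 = most significant
    return sum(((v >> (n - p)) & 1) << (len(table) - 1 - i) for i, p in enumerate(table))

def subkeys(key):
    cd = perm(key, PC1, 64)  # PC1 drops the 8 parity bits of the 64-bit key
    c, d, out = cd >> 28, cd & 0xFFFFFFF, []
    for s in SHIFTS:  # rotate each 28-bit half left, then select 48 bits
        c = ((c << s) | (c >> (28 - s))) & 0xFFFFFFF
        d = ((d << s) | (d >> (28 - s))) & 0xFFFFFFF
        out.append(perm((c << 28) | d, PC2, 56))
    return out

def des_block(block, ks):
    v = perm(block, IP, 64)
    l, r = v >> 32, v & 0xFFFFFFFF
    for k in ks:
        x, s = perm(r, E, 32) ^ k, 0
        for i in range(8):  # each S-box maps 6 bits to 4; row = outer bits, column = inner bits
            six = (x >> (42 - 6 * i)) & 0x3F
            s = (s << 4) | SBOX[i][(((six >> 4) & 2) | (six & 1)) * 16 + ((six >> 1) & 0xF)]
        l, r = r, l ^ perm(s, P, 32)
    return perm((r << 32) | l, FP, 64)

def cbc_last(data, key, iv=0):  # assumption: all-zero IV; returns the last ciphertext block
    ks = subkeys(key)
    for i in range(0, len(data), 8):
        iv = des_block(int.from_bytes(data[i:i + 8], "big") ^ iv, ks)
    return iv

def oracle_hash(username, password):
    pt = (username + password).upper().encode("utf-16-be")  # steps 1-3: high byte 0x00 for ASCII
    pt += b"\0" * (-len(pt) % 8)                             # zero-pad to a whole 8-byte block
    key2 = cbc_last(pt, 0x0123456789ABCDEF)                  # step 4: fixed key
    return "%016X" % cbc_last(pt, key2)                      # step 5: re-encrypt under derived key
```

Because of steps 1 and 2, `oracle_hash("scott", "tiger")` and `oracle_hash("SCOTT", "TIGER")` return the same value: the hash is case-insensitive and the username is the only per-account input.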

Last Modified: Dec 19, 2016 11:12 am US/Eastern
Created: Feb 14, 2008 9:25 am US/Eastern by admin