Oracle Password Hashing Algorithm

Oracle hashes passwords into a hexadecimal string using the following steps:

  1. Concatenate the username and the password to produce a plaintext string;
  2. Convert the plaintext string to uppercase characters;
  3. Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00;
  4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
  5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.

Last modified: 2012/02/01 15:38:32.750259 US/Eastern by james.m.moya.1
Created: 2008/02/14 09:25:8.401000 US/Eastern by curtis.f.smith.1.



Type in a few keywords describing what information you are looking for in the text box below.

Admin Options: Edit this Document