• projectsOrapass DES

    Size 1.6 KB
    DateFebruary 21st, 2009

    Orapass-DES implements Oracle's older DES-based password hashing algorithm.


    Let's trace through the algorithm with the username "tiger" and the password "scott":

    1. Concatenate the username and the password to produce a plaintext string

    2. Convert the plaintext string to uppercase characters

    3. Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00

    4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;

       * Initialize DES with IV:  0000000000000000
       * Initialize DES with KEY: 0123456789ABCDEF
       * Padded plaintext: 0054004900470045005200530043004f0054005400000000
       * DES(plaintext) = 527acbc01a49c057e854df3104789ce7801be7920d69f719
    5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key.

       * Initialize DES with IV:  0000000000000000
       * Initialize DES with KEY: 801be7920d69f719
       * Padded plaintext: 0054004900470045005200530043004f0054005400000000
       * DES(plaintext) = 293c787182d03d85fa6cee1db032e2c69d45cd92d876e247
    6. The last block of the output is converted into a printable string to produce the password hash value.



    Usage of the script is very straightforward simply provide username and password as parameters to get an 8-byte hash output.

    ./ tiger scott


    orapass sha1

    Size 605 bytes
    DateAugust 17th, 2011

    Orapass SHA1 implements Oracle's newer SHA1-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Hashlib library. Read more.

    john the ripper

    John the Ripper is a multi-platform password cracking tool. Read more.

    oracle tns protocol

    Oracle's proprietary TNS (Transparent Network Substrate) protocol is used to interact with Oracle's RDBMS. In this article you will learn about different TNS packet types and their structure. Read more.

    oracle rdbms

    Oracle Database or RDBMS (Object-Relational Database Management System) is a complex system for storage and retrieval of relational data. In this article you will learn the basic architecture of the Oracle Databases as well as common attacks against it. Read more.


    All original content on this site is copyright protected and licensed under Creative Commons - Attribution, NonCommercial, ShareAlike 4.0 International.