Re: [PEN-TEST] Oracle USER$ password hashes

[Stefan Aeschbacher <stefan () AESCHBACHER COM>]

Hi

"Edwards, Steve" wrote:
> If anyone wants to "reverse-engineer" the Oracle password encryption
> method, this may help.
Due to lack of an Oracle it won't be me, but I can try to make some
thoughts
on the algorithm used (which may or may not help to find the algorithm).

[snip]
> 4) The encrypted password is always 16 characters.
>
> 5) The encrypted password is only composed from the set "0123456789ABCDEF"
This seems to point to a hex representation of the data.
Therefore we have a string of 64bit length as an output.
As at least one byte is lost to the salt, this function generates
far to short ciphertexts (<=56bit). Once the algorithm is known,
this gives a good basis for a birthday attack.

> 6) The encrypted password is derived from both the name and the cleartext
> password. Changing any character in the name or cleartext password changes
> the encrypted password.
As we seem to have a salt, (did somone verify which bytes?) could this
be
the reason for the changes and not the change in the name?
If the salt is really the first byte, then your table "Changing the last
character:"
would prove the assumption that the name is involved (there are two
lines with
C6 as the first byte).

The function most certainely is a one way function. So either its a hash
which works on the password, the salt and maybe the name. Or its
a MAC-function which additionnaly adds some kind of key (not very
probable
as there is no gain in security unless every copy of ORACLE has another
key).
A symmetric cipher does not make any sense as there had to be a PW
stored
somwhere which could be used to decrypt the encrypted PW.

Stefan

> Here are some example pairs. Only the name is changed, the password is
> the same -- "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" (30 Z's.)
[snip]