Concatenate the username and the password to produce a plaintext string;
Convert the plaintext string to uppercase characters;
Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00;
Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.
Convert username to uppercase version of username (username sys becomes SYS)
Convert password to uppercase version of password (password test becomes TEST)
Capatilized username and password gets concatinated (username SYS with password TEST becomes SYSTEST)
Encrypt (using 3DES algorithm) concatinated value with a (permanent – always the same) secret key
Encrypt (using 3DES algorithm) concatinated value with a secret key (this key are the last 8 bytes of the first encryption)
The actual password hash value will be the last 8 bytes of the second encryption round, stored in a readable hex representation of these 8 bytes – so 16 characters)
The procedure for generating a 11g hash
An 10 bytes SALT gets generated by Oracle (looks random)
Password (case-sensitive) and SALT (10 bytes) value become concatinated
A SHA1 hash gets generated for the concatinated value
11g password hash becomes: “S:” plus <SHA1 hash – readable hex representation> plus <SALT – readable hex representation, 20 characters>
mubix
commented
11 years ago
https://engineering.purdue.edu/ECN/Support/KB/Docs/OraclePasswordHashin
And from http://marcel.vandewaters.nl/oracle/security/password-hashes
The procedure used for generating a 10g hash
The procedure for generating a 11g hash