Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> A newbie revelation: Guacamole is good for the ball-less DA Morgan

A newbie revelation: Guacamole is good for the ball-less DA Morgan

From: OracleKernelZecurityBuster <ointruderv6_at_yahoo.com>
Date: Thu, 25 Aug 2005 17:42:39 -0400
Message-ID: <03ab351130340f8e77af7fb8e73d6809@localhost.talkaboutdatabases.com> 





Ontruder PartII: The code:



Make a list of all known passwords; a good dictionary would
do -- from the OMLET experience - virginia topped the list
others like virginiaXXX, yehova, etc and variations like
virginia99 are good possibilities:



Now, follow the code for the example scot/tiger and
happy crackin'






static CONST_DATA ub4 knownk[2] = {


        0x08192a3b,0x4c5d6e7f


    };



static CONST_DATA ub4 testk[2] = {


        0x25ddac3e, 0x96176467


    };



static CONST_DATA ub4 encry[2] = {


        0xfbf7f085, 0x9b6a3a7e


    };



static CONST_DATA ub1 encrt[16] = {

	0x1a, 0xc2, 0xc6, 0xba, 0xa4, 0x35, 0x30,  0xd7,
	0x1f, 0x7e, 0x39, 0xe1, 0x82, 0xa9, 0x3f,  0x42


    };


/*-------------------------------- MAIN
--------------------------------*/




main()


{


  text   result[100];


  text   unresult[100];


  size_t len;


  ub4    in[2];


  ub4    out[2];


  ub4    key[2];


  serc   se;


  eword  j;


  /* password tigertiger (in Ascii) defined as hex,

     this is to allow testing on ebcidic machines
     although string will not print on these machines */
  static CONST ub1 passwd[] = {
        0x74, 0x69, 0x67, 0x65, 0x72, 0x74, 0x69, 0x67,
        0x65, 0x72, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20


    };


  static CONST size_t passwdlen = 16;



  DISCARD printf("=== Password Encryption Test\n\n");
  DISCARD printf("start string (in Ascii): %s\n\n", (char *)passwd);



  /* what is the result for password? */
  len = kzsrenp(result, passwd, passwdlen, knownk);



  DISCARD printf("Expected cipher for pasword tiger: 1A C2 C6 BA A4 35
30 D7 1F 7E 39 E1 82 A9 3F 42\n");


  DISCARD printf("Actual cipher for pasword tiger: ");
  for (j = 0; j<len; j++)


        DISCARD printf("%02X ",(unsigned)result[j] & 0xff);
  DISCARD printf("\n\n");



  if (memcmp(result, encrt, passwdlen) == 0)
    DISCARD printf("Password cipher text CORRECT\n\n");
  else


    DISCARD printf("*** Password cipher text FAILED ***\n\n");



  len = kzsrdep(unresult, result, len, knownk);



  DISCARD printf("result for decryption: %.*s\n\n",


                 (int)len, (char *)unresult);



  if (memcmp(unresult, passwd, passwdlen) == 0)
    DISCARD printf("Password encryption Test PASSED\n\n");
  else


    DISCARD printf("*** Password encryption Test FAILED ***\n\n");



  /* test encryption of 64 bit keys and back */
  in[0] = testk[0];


  in[1] = testk[1];


  DISCARD printf("=== Key Encryption Test\n\n");
  DISCARD printf("Initial Key: %02X %02X\n\n", in[0], in[1]);



  /* encrypt */


  kzsrenc(in, out, knownk);



  DISCARD printf("Expected cipher for pasword tiger: FBF7F085
9B6A3A7E\n");


  DISCARD printf("Actual Cipher for Key: %02X %02X\n\n", out[0],
out[1]);


  if (encry[0] == out[0] && encry[1] == out[1])
    DISCARD printf("Encrypted cipher text CORRECT\n\n");
  else


    DISCARD printf("*** Encrypted cipher text FAILED ***\n\n");



  /* null out in paramter */


  in[0] = 0;


  in[1] = 0;


  kzsrdec(out, in, knownk);



  DISCARD printf("Decrypted Key: %02X %02X\n\n", in[0], in[1]);



  /* test to see if initial is same as out of decryption */
  if (testk[0] == in[0] && testk[1] == in[1])
    DISCARD printf("Key encryption Test PASSED\n\n");
  else


    DISCARD printf("*** Key encryption Test FAILED ***\n");



  return(EX_SUCC);


}




DonBurlesonIsASackOfManur wrote:


> Oracle's Password Transform


>
>




> Goals:

>  - Authentication information ("encrypted password") shall be portable

>    between machines with different character sets (ebcdic and ascii).

>  - It should handle non-enlish languages including those that require

>    16 bits per character.

>  - If a user has the same password on two databases, the authentication


>




>    information will be the same on both machines.

>  - It should be hard to tell if two users have the same password.

>  - The password transform should be as hard to break as DES.


>
>




> The Algorithm:


>
>




> Convert user name and password to uppercase 'normal' form.  Normal form


>




> uses 16 bits to represent each character, and it is independant of

> language

> and the computer's character set (acsii or ebcdic).


>
>




> Concatenate normalized user name and password.  Pad result to multiple

> of

> 64 bits.  Zero padding is better than some rolling xor algorithm, since


>




> the

> later produces redundant information that an attacker can use to

> check for the correctness of a guess.  The result is called UPLONG.


>
>




> Compute cryptographic checksum of UPLONG using a known key and the

> cipher

> block chaining mode of DES.  The known key is hex 0123456789ABCDEF.

> The

> idea is to extract 56 suitable bits from the password.  The CBC64

> (cipher

> block chain with 64 bit feedback path) checksum makes good use of the

> bits

> in a long password, and it speads out the redundant information that is


>




> present due to the fact that the 'normal' form uses 16 bits per

> character.

> The feedback path is 64 bits, not the standard 8 bits because it

> generates

> a more uniform distribution.  See Alan T. Sherman's PhD thesis (MIT

> 1987)

> for justification.


>
>




> It isn't hard to invert the checksum we just found (the key is known),

> so

> now we hide this result by using it as the key to compute another

> checksum

> on the uplong array.  That checksum will be used as the authentication

> parameter for the user.  Note that DES has the property that given a

> matching block of plaintext and ciphertext is is still quite hard to

> find

> the key that mapped the plaintext into the ciphertext.


>
>




> We could use the first checksum as a key to encrypt a constant, but it

> seems safer to use non-constant data like the information in the UPLONG


>




> array.  If nothing else this makes a dictionary attack harder.


>
>




> Note that an attacker must now solve two simultaneous equations for P:


>
>


>         k1 = checksum( k0, U || P )

>         k2 = checksum( k1, U || P )

>
>




> Where 'U || P' is the username concatenated with the password (U is

> known,

> P is not), k0 is the known key, k1 is the first checksum, and k2 is the


>




> value placed in the authentication table.


>
>




> Convert the second checksum value into a machine independent form.

> Since we are not short on characters, express it as a hex string.

Received on Thu Aug 25 2005 - 16:42:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US