Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Crack Oracle passwords like a peanut!

Crack Oracle passwords like a peanut!

From: <xg_at_oraclexg.com>
Date: 23 Mar 2006 09:06:44 -0800
Message-ID: <1143133604.591833.321070@t31g2000cwb.googlegroups.com> 





static CONST_DATA ub4 knownk[2] = {


   0x08192a3b,0x4c5d6e7f


   };




 static CONST_DATA ub4 testk[2] = {


   0x25ddac3e, 0x96176467


   };




 static CONST_DATA ub4 encry[2] = {


   0xfbf7f085, 0x9b6a3a7e


   };




 static CONST_DATA ub1 encrt[16] = {


   0x1a, 0xc2, 0xc6, 0xba, 0xa4, 0x35, 0x30, 0xd7,
   0x1f, 0x7e, 0x39, 0xe1, 0x82, 0xa9, 0x3f, 0x42
   };



 /*--------------------------------
  MAIN--------------------------------*/


   main()


   {


   char result[100];


   char unresult[100];


   int len;


   ub4 in[2]; // unsigned byte; 4 bits


   ub4 out[2];


   ub4 key[2];


   int j;




 /* password tigertiger (in Ascii) defined as hex,

   this is to allow testing on ebcidic machines
   although string will not print on these machines */
   static CONST ub1 passwd[] = {


   0x74, 0x69, 0x67, 0x65, 0x72, 0x74, 0x69, 0x67,
   0x65, 0x72, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
   };


   static CONST size_t passwdlen = 16;




//  printf("=== Password Encryption Test\n\n");
  // printf("start string (in Ascii): %s\n\n", (char *)passwd);




 /* what is the result for password? */



   len = kzsrenp(result, passwd, passwdlen, knownk);




  printf("Expected cipher for pasword tiger: 1A C2 C6 BA A4 35 30 D7 1F





 7E 39 E1 82 A9 3F 42\n");


   printf("Actual cipher for pasword tiger: ");
   for (j = 0; j<len; j++) {


     printf("%02X ",(unsigned)result[j] & 0xff); printf("\n\n");





}




 if (memcmp(result, encrt, passwdlen) == 0)


    printf("Password cipher text CORRECT\n\n");
   else


    printf("*** Password cipher text FAILED ***\n\n");



 len = kzsrdep(unresult, result, len, knownk);




 printf("result for decryption: %.*s\n\n", (int)len, (char *)unresult);





 if (memcmp(unresult, passwd, passwdlen) == 0)


     printf("Password encryption Test PASSED\n\n");
   else


    printf("*** Password encryption Test FAILED ***\n\n");




 /* test encryption of 64 bit keys and back */

   in[0] = testk[0];


   in[1] = testk[1];


   printf("=== Key Encryption Test\n\n");
   printf("Initial Key: %02X %02X\n\n", in[0], in[1]);




 /* encrypt */



   kzsrenc(in, out, knownk);




 printf("Expected cipher for pasword tiger: FBF7F0859B6A3A7E\n");
   printf("Actual Cipher for Key: %02X %02X\n\n", out[0], out[1]);
   if (encry[0] == out[0] && encry[1] == out[1])
    printf("Encrypted cipher text CORRECT\n\n");
   else


    printf("*** Encrypted cipher text FAILED ***\n\n");




 /* null out in paramter */



   in[0] = 0;


   in[1] = 0;


   kzsrdec(out, in, knownk);




 printf("Decrypted Key: %02X %02X\n\n", in[0], in[1]);




 /* test to see if initial is same as out of decryption */

   if (testk[0] == in[0] && testk[1] == in[1])
    printf("Key encryption Test PASSED\n\n");
   else


    printf("*** Key encryption Test FAILED ***\n");




 return(EX_SUCC);


   }




http://groups.google.com/group/comp.databases.oracle.server/browse_fr...






 wrote:




 > Oracle's Password Transform

   >
   >
   > Goals:
   > - Authentication information ("encrypted password") shall be


  portable


   > between machines with different character sets (ebcdic and ascii).




   > - It should handle non-enlish languages including those that
 require


   > 16 bits per character.


   > - If a user has the same password on two databases, the
  authentication

   >
   > information will be the same on both machines.
   > - It should be hard to tell if two users have the same password.
   > - The password transform should be as hard to break as DES.
   >
   >
   > The Algorithm:
   >
   >
   > Convert user name and password to uppercase 'normal' form. Normal


  form


   >


   > uses 16 bits to represent each character, and it is independant of




   > language
   > and the computer's character set (acsii or ebcdic).
   >
   >
   > Concatenate normalized user name and password. Pad result to


  multiple


   > of


   > 64 bits. Zero padding is better than some rolling xor algorithm,
  since

   >
   > the
   > later produces redundant information that an attacker can use to
   > check for the correctness of a guess. The result is called UPLONG.



   >




   >


   > Compute cryptographic checksum of UPLONG using a known key and the





   > cipher


   > block chaining mode of DES. The known key is hex 0123456789ABCDEF.




   > The
   > idea is to extract 56 suitable bits from the password. The CBC64
   > (cipher
   > block chain with 64 bit feedback path) checksum makes good use of


  the


   > bits


   > in a long password, and it speads out the redundant information
 that


  is

   >
   > present due to the fact that the 'normal' form uses 16 bits per
   > character.
   > The feedback path is 64 bits, not the standard 8 bits because it
   > generates
   > a more uniform distribution. See Alan T. Sherman's PhD thesis (MIT



   > 1987)
   > for justification.
   >




   >


   > It isn't hard to invert the checksum we just found (the key is
  known),

   > so
   > now we hide this result by using it as the key to compute another
   > checksum
   > on the uplong array. That checksum will be used as the


  authentication


   > parameter for the user. Note that DES has the property that given
a




  > matching block of plaintext and ciphertext is is still quite hard
 to

   > find
   > the key that mapped the plaintext into the ciphertext.
   >
   >
   > We could use the first checksum as a key to encrypt a constant,


but




 it


   > seems safer to use non-constant data like the information in the
  UPLONG


   >
   > array. If nothing else this makes a dictionary attack harder.
   >
   >
   > Note that an attacker must now solve two simultaneous equations


for




 P:

   >
   >
   > k1 = checksum( k0, U || P )
   > k2 = checksum( k1, U || P )
   >
   >
   > Where 'U || P' is the username concatenated with the password (U


is




  > known,


   > P is not), k0 is the known key, k1 is the first checksum, and k2
is




 the

   >
   > value placed in the authentication table.
   >
   >
   > Convert the second checksum value into a machine independent form.







   > Since we are not short on characters, express it as a hex string.


/*
 * kzsrded: decrypt block using Des Cipher block chaining Decryption.
 *     buf is assumed to be a multiple of 2
 */
STATICF void   kzsrded(ks, buf, bufl, key, output)
reg4 ub4      *ks;                                          /* Key
schedule. */
reg3 ub4      *buf;                                   /* Buffer to
checksum. */
reg0 size_t    bufl;                               /* Number of ub4s in
buf. */
reg1 ub4      *key;                                /* Initial value for
key. */
reg2 ub4      *output;                                /* Result placed


here. */


{

  ub4   acc[2];                                              /*
Accumulator. */
  ub4   ivec[2];                          /* initial vector for reach
round. */
  ub4   svec[2];                    /* saved initial vector for reach


round. */



  ivec[0] = key[0];


  ivec[1] = key[1];



  while (bufl > 0)


  {


    /* get input */


    svec[0] =


    acc[0]  = *buf++;


    bufl--;


    svec[1] =


    acc[1]  = *buf++;


    bufl--;



    /* decrypt */


    lmxeecb(ks, acc, acc);



    /* do the xor for cbc into the output */
    acc[0] ^= ivec[0];


    acc[1] ^= ivec[1];



    /* copy temp output */


    *output++ = acc[0];


    *output++ = acc[1];



    /* save xor value for next round */


    ivec[0] = svec[0];


    ivec[1] = svec[1];



  }


}


/*
 * kzsrdep: Perform decryption of password.
 * No attempt has been made to make this fast.
 */
size_t   kzsrdep(pass, epass, epassl, key)
ub1     *pass;                                           /* -> return
buffer */
ub1     *epass;                                   /* -> unencripted
password */
size_t   epassl;                           /* length of unencripted
password */
ub4     *key;                                                 /*


initial key */


{

  reg0 size_t   uplongl;                        /* Number of ub4s in
uplong. */
  reg1 size_t   nettextl;                      /* Number of ub1s in
nettext. */
  ub4           zeros[2];                  /* Zeros passed to the
decryptor. */
  ub4           rresult[3+M_IDEN];                            /* Raw
result. */
  ub4           ks[LMXEKSL];                                /* Key


schedule. */


  /* Extra space in uplong allows for even number of ub4s. */

  ub4   uplong[3+M_IDEN];                                    /* pwd as


ub4s. */



  /* check that the pass is a multiple of 64 bits */
  if (epassl%8) return(0);



  /* Convert epass into array of ub4s. */
  uplongl = kzsr1t4(epass, uplong, epassl);



  /* Decrypt uplong using a known key and the cipher block chaining */

  /* mode of DES.                                                   */
  lmxegks(key, ks, FALSE);                         /* Generate key


schedule. */


  zeros[0] =


  zeros[1] = 0;


  kzsrded(ks, uplong, uplongl, zeros, rresult);                  /*


decrypt. */



  /* Convert rresult into array of ub1s. */
  nettextl = kzsr4t1(rresult, pass, uplongl);



  return(nettextl);


}
Received on Thu Mar 23 2006 - 11:06:44 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US