Monday, October 01, 2007

Is it possible to decrypt the Oracle password?

Oracle's hashed password algorithm, even though is supposed to be secret, it has been shown to be weak due to several vulnerabilities.
Weak Salt SelectionNon-random salt values.Lack of alphabetic case preservation.

On 1993 there was a post on the newsgroup which describes the algorithm in detail, identifying an unknown fixed key as an input parameter. The key was later published on a book named "Special Ops". This has provided enough information to reproduce the algorithm:

1. Concatenate the username and the password to produce a plain text string;

2. Convert the plain text string to uppercase characters;

3. Convert the plain text string to multi-byte storage format; ASCII characters have the high byte set to 0x00;

4. Encrypt the plain text string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of0x0123456789ABCDEF;

5. Encrypt the plain text string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.

Let's suppose a user's password is about 12-16 characters, then the algorithm would perform between 6 and 8 DES encryptions to compute the hash value.

The hash algorithm has another weaknesses, it can be calculated out from rainbow tables, which are precomputed hashed passwords which can be used to compare the actual hash password value later.

Ref. An Assessment of the Oracle Password Hashing Algorithm
Carlos CidInformation Security GroupRoyal Holloway, University of London
Joshua WrightSANS
18. Oct. 2005

No comments: