123456789101112131415161718192021222324252627 |
- def oracle_old_passwd(password, username, uppercase=True): # prior to version '11g'
- """
- Reference(s):
- http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/
- >>> oracle_old_passwd(password='tiger', username='scott', uppercase=True)
- 'F894844C34402B67'
- """
- IV, pad = "\0" * 8, "\0"
- if isinstance(username, unicode):
- username = unicode.encode(username, UNICODE_ENCODING)
- if isinstance(password, unicode):
- password = unicode.encode(password, UNICODE_ENCODING)
- unistr = "".join("\0%s" % c for c in (username + password).upper())
- cipher = des(hexdecode("0123456789ABCDEF"), CBC, IV, pad)
- encrypted = cipher.encrypt(unistr)
- cipher = des(encrypted[-8:], CBC, IV, pad)
- encrypted = cipher.encrypt(unistr)
- retVal = hexencode(encrypted[-8:])
- return retVal.upper() if uppercase else retVal.lower()
|