hash_1_8.py 932 B

123456789101112131415161718192021222324252627
  1. def oracle_old_passwd(password, username, uppercase=True): # prior to version '11g'
  2. """
  3. Reference(s):
  4. http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/
  5. >>> oracle_old_passwd(password='tiger', username='scott', uppercase=True)
  6. 'F894844C34402B67'
  7. """
  8. IV, pad = "\0" * 8, "\0"
  9. if isinstance(username, unicode):
  10. username = unicode.encode(username, UNICODE_ENCODING)
  11. if isinstance(password, unicode):
  12. password = unicode.encode(password, UNICODE_ENCODING)
  13. unistr = "".join("\0%s" % c for c in (username + password).upper())
  14. cipher = des(hexdecode("0123456789ABCDEF"), CBC, IV, pad)
  15. encrypted = cipher.encrypt(unistr)
  16. cipher = des(encrypted[-8:], CBC, IV, pad)
  17. encrypted = cipher.encrypt(unistr)
  18. retVal = hexencode(encrypted[-8:])
  19. return retVal.upper() if uppercase else retVal.lower()