[20151008]8i-10g password encryption algorithm.txt

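--Last night I wrote a post about an 11g password problem and wanted to look at the password encryption algorithm used in 8i-10g; after googling for quite a while I still couldn't find it.
--I went through an e-book, found the relevant content, and am recording it here: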

Apress.Expert.Oracle.Practices.Jan.2010.pdf

1.  Concatenate the username and password while also making the string Unicode; for instance, for SYSTEM/MANAGER this
    would be S0Y0S0T0E0M0M0A0N0A0G0E0R0.
2.  Pad out the string with zeros to be a multiple of eight characters. This is not necessary if the memory holding the
    string is zeroed first, because it is then implicitly padded.
3.  Using an encryption key of 0123456789ABCDEF, use Data Encryption Standard Cypher Block Checksum (DES CBC) mode to
    encrypt the username/password string. Note that CBC mode means that the first 8 bytes are encrypted and the result
    is XOR'd with the next 8 bytes, and then that is encrypted, and so on. When completed, the last input vector (the
    last XOR result) is used as the new encryption key for the second round.
4.  Repeat all the preceding steps but use the encryption key extracted in step 3. This time, the last input vector is
    the result; the password hash stored in SYS.USER$.PASSWORD. The result is a "hash," not an encrypted value, even
    though a very popular encryption algorithm is used. This is because of the two stages used that make the final
    output nonreversible, that is, it cannot be decrypted.

--Look at www.petefinnigan.com/testpwd.sql, written in PL/SQL, to confirm the encryption algorithm.

-- -----------------------------------------------------------------------------
--                 WWW.PETEFINNIGAN.COM LIMITED
-- -----------------------------------------------------------------------------
-- Script Name : testpwd.sql
-- Author      : Pete Finnigan
-- Date        : May 2009
-- -----------------------------------------------------------------------------
-- Description : This script can be used to test users passwords in databases
--               of versions 7 - 10gR2
-- -----------------------------------------------------------------------------
-- Maintainer  : Pete Finnigan (http://www.petefinnigan.com)
-- Copyright   : Copyright (C) 2008, 2009, PeteFinnigan.com Limited. All rights
--               reserved. All registered trademarks are the property of their
--               respective owners and are hereby acknowledged.
-- -----------------------------------------------------------------------------
-- License     : This software is free software BUT it is not in the public
--               domain. This means that you can use it for personal or
--               commercial work but you cannot remove this notice or copyright
--               notices or the banner output by the program or edit them in any
--               way at all. You also cannot host/distribute/copy or in anyway
--               make this script available through any means either in original
--               form or any derivitive work based on it. The script is
--               only available from its own webpage
--               http://www.petefinnigan.com/testpwd.sql or any other page that
--               PeteFinnigan.com Limited hosts it from.
--               This script cannot be incorporated into any other free or
--               commercial tools without permission from PeteFinnigan.com
--               Limited.
--
--               In simple terms use it for free but dont make it available in
--               any way or build it into any other tools.
-- -----------------------------------------------------------------------------
-- Version History
-- ===============
--
-- Who         version     Date      Description
-- ===         =======     ======    ======================
-- P.Finnigan  1.0         May 2009  First Issue.
-- P.Finnigan  1.1         May 2009  Added calls to upper for username/password
--                                   Thanks to Kennie Nybo Pontoppidan.
--
-- -----------------------------------------------------------------------------

create or replace function testpwd(username in varchar2, password in varchar2)
return char
authid current_user
is
   --
   raw_key raw(128):= hextoraw('0123456789ABCDEF');
   --
   raw_ip raw(128);
   pwd_hash varchar2(16);
   --
   cursor c_user (cp_name in varchar2) is
   select    password
   from sys.user$
   where password is not null
   and name=cp_name;
   --
   procedure unicode_str(userpwd in varchar2, unistr out raw)
   is
      enc_str varchar2(124):='';
      tot_len number;
      curr_char char(1);
      padd_len number;
      ch char(1);
      mod_len number;
      debugp varchar2(256);
   begin
      tot_len:=length(userpwd);
      for i in 1..tot_len loop
         curr_char:=substr(userpwd,i,1);
         enc_str:=enc_str||chr(0)||curr_char;
      end loop;
      mod_len:= mod((tot_len*2),8);
      if (mod_len = 0) then
         padd_len:= 0;
      else
         padd_len:=8 - mod_len;
      end if;
      for i in 1..padd_len loop
         enc_str:=enc_str||chr(0);
      end loop;
      unistr:=utl_raw.cast_to_raw(enc_str);
   end;
   --
   function crack (userpwd in raw) return varchar2
   is
      enc_raw raw(2048);
      --
      raw_key2 raw(128);
      pwd_hash raw(2048);
      --
      hexstr varchar2(2048);
      len number;
      password_hash varchar2(16);  
   begin
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key, encrypted_data => enc_raw );
      hexstr:=rawtohex(enc_raw);
      len:=length(hexstr);
      raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key2, encrypted_data => pwd_hash );
      hexstr:=rawtohex(pwd_hash);
      len:=length(hexstr);
      password_hash:=substr(hexstr,(len-16+1),16);
      return(password_hash);
   end;
begin
   open c_user(upper(username));
   fetch c_user into pwd_hash;
   close c_user;
   unicode_str(upper(username)||upper(password),raw_ip);
   if( pwd_hash = crack(raw_ip)) then
      return ('Y');
   else
      return ('N');
   end if;
end;
/

--His code checks whether a guessed password is correct; I'll modify it a bit and see:

create or replace function testpwd(username in varchar2, password in varchar2)
return char
authid current_user
is
   --
   raw_key raw(128):= hextoraw('0123456789ABCDEF');
   --
   raw_ip raw(128);
   pwd_hash varchar2(16);

   procedure unicode_str(userpwd in varchar2, unistr out raw)
   is
      enc_str varchar2(124):='';
      tot_len number;
      curr_char char(1);
      padd_len number;
      ch char(1);
      mod_len number;
      debugp varchar2(256);
   begin
      tot_len:=length(userpwd);
      for i in 1..tot_len loop
         curr_char:=substr(userpwd,i,1);
         enc_str:=enc_str||chr(0)||curr_char;
      end loop;
      mod_len:= mod((tot_len*2),8);
      if (mod_len = 0) then
         padd_len:= 0;
      else
         padd_len:=8 - mod_len;
      end if;
      for i in 1..padd_len loop
         enc_str:=enc_str||chr(0);
      end loop;
      unistr:=utl_raw.cast_to_raw(enc_str);
   end;
   --
   function crack (userpwd in raw) return varchar2
   is
      enc_raw raw(2048);
      --
      raw_key2 raw(128);
      pwd_hash raw(2048);
      --
      hexstr varchar2(2048);
      len number;
      password_hash varchar2(16);  
   begin
      -- Round 1: DES-CBC with the fixed key; the last 8-byte block becomes the round-2 key
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key, encrypted_data => enc_raw );
      hexstr:=rawtohex(enc_raw);
      len:=length(hexstr);
      raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));
      -- Round 2: encrypt the same input with that key; the last block is the hash
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key2, encrypted_data => pwd_hash );
      hexstr:=rawtohex(pwd_hash);
      len:=length(hexstr);
      password_hash:=substr(hexstr,(len-16+1),16);
      return(password_hash);
   end;
begin
   unicode_str(upper(username)||upper(password),raw_ip);
   return crack(raw_ip);
end;
/

-- Test it:

SYS@test> select name,password,spare4 from sys.user$ where name='SCOTT';
NAME                 PASSWORD             SPARE4
-------------------- -------------------- --------------------------------------------------------------
SCOTT                57964D8CE8DC6EB2     S:F67125C76865130EB899ABB60A06C3D063A9A26CA2C95D76078DB11F1F0A

SYS@test> select testpwd('scott','btbtms') c20 from dual ;
C20
--------------------
57964D8CE8DC6EB2
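
--Added example (not part of the original note, the Apress text or testpwd.sql): the four steps above re-implemented outside the database in Go, whose standard library ships DES, and checked against the SCOTT hash shown in the test.
--The function name Oracle10gHash is made up here; ASCII-only input and a zero CBC IV are assumed.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// lastCBCBlock DES-CBC-encrypts data (zero IV) and returns the final 8-byte
// ciphertext block, the part the page's crack() cuts out with substr().
func lastCBCBlock(key, data []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err) // unreachable here: both keys used below are exactly 8 bytes
	}
	out := make([]byte, len(data))
	cipher.NewCBCEncrypter(block, make([]byte, des.BlockSize)).CryptBlocks(out, data)
	return out[len(out)-des.BlockSize:]
}

// Oracle10gHash (hypothetical name) follows the four quoted steps.
// Assumption: ASCII-only input, as in the page's unicode_str procedure.
func Oracle10gHash(username, password string) (string, error) {
	s := strings.ToUpper(username + password) // upper() as in testpwd 1.1
	if s == "" {
		return "", errors.New("empty username and password")
	}
	var buf []byte
	for i := 0; i < len(s); i++ { // step 1: a zero byte before each character
		buf = append(buf, 0, s[i])
	}
	for len(buf)%des.BlockSize != 0 { // step 2: zero-pad to a multiple of 8
		buf = append(buf, 0)
	}
	fixedKey, _ := hex.DecodeString("0123456789ABCDEF")
	key2 := lastCBCBlock(fixedKey, buf) // step 3: round one yields the second key
	hash := lastCBCBlock(key2, buf)     // step 4: round two yields the hash
	return strings.ToUpper(hex.EncodeToString(hash)), nil
}

func main() {
	// The page's test account; expected to equal SYS.USER$.PASSWORD for SCOTT.
	h, _ := Oracle10gHash("scott", "btbtms")
	fmt.Println(h)
}
```

--Because both values pass through upper() and the user name is the only salt, scott/btbtms and SCOTT/BTBTMS give the same hash, and the same account name and password give the same hash on every database.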
