[NEWS] Oracle Password Hashing Algorithm Assessment

From: SecuriTeam (support_at_securiteam.com)
Date: 11/15/05

  • Next message: SecuriTeam: "[TOOL] MD4 and MD5 Collision Generators" 
    To: list@securiteam.com
Date: 15 Nov 2005 12:41:46 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Oracle Password Hashing Algorithm Assessment
    ------------------------------------------------------------------------

    SUMMARY

    In this paper the authors examine the mechanism used in Oracle databases
    for protecting users' passwords. The paper explains how to hash is
    generated, and shows the feasibility of brute force attack on retrieved
    hashes. The paper also lists several practices to help secure the hashes
    against bruteforcing.

    DETAILS

    The Algorithm:
    1. Concatenate the username and the password to produce a plaintext
    string;
    2. Convert the plaintext string to uppercase characters;
    3. Convert the plaintext string to multi-byte storage format; ASCII
    characters have the
    high byte set to 0x00;
    4. Encrypt the plaintext string (padded with 0s if necessary to the next
    even block length)
    using the DES algorithm in cipher block chaining (CBC) mode with a fixed
    key value of
    0x0123456789ABCDEF;
    5. Encrypt the plaintext string again with DES-CBC, but using the last
    block of the output
    of the previous step (ignoring parity bits) as the encryption key. The
    last block of the
    output is converted into a printable string to produce the password hash
    value.

    Dictionary Attack:
    Given the weak Oracle password hashing mechanism, it is practical for an
    attacker with modern hardware to exhaust all possibilities for a limited
    password length to brute-force the password hash. Using a standard Intel
    Pentium 4 2.8 GHz workstation with OpenSSL 0.9.8-beta3, the authors
    achieved a rate of approximately 830,000 password hashes/second on a
    32-byte data block. With a password length of 8 alphanumeric characters
    and a known username of 8 characters, an attacker could compute all
    possible possible passwords for a particular account in approximately 39.3
    days using similar hardware, expecting to successfully recover the
    plaintext password in approximately 20 days. This is especially
    problematic for organizations with a password expiration duration that is
    shorter than 20 days, since it is likely an attacker will be able to
    produce the plaintext password before the account password is changed.

    The full paper can be found at: <http://www.sans.org/info/911/>
    http://www.sans.org/info/911/

    ADDITIONAL INFORMATION

    The original article can be found at: <http://www.sans.org/info/911/>
    http://www.sans.org/info/911/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[TOOL] MD4 and MD5 Collision Generators"

    Relevant Pages