[20151008]8i-10g口令密码的加密算法.txt
发布日期:2021-09-08 15:09:37 浏览次数:1 分类:技术文章

[20151008]8i-10g口令密码的加密算法.txt

--昨天晚上写了1篇关于11g密码问题,想看看8i-10g口令密码的加密算法,google半天竟然没找到。
--翻了一个电子文档找到相关内容做一个记录:

Apress.Expert.Oracle.Practices.Jan.2010.pdf

1.  Concatenate the username and password while also making the string Unicode for instance, for SYSTEM/MANAGER this
    would be S0Y0S0T0E0M0M0A0N0A0G0E0R0.
2.  Pad out the string with zeros to be a multiple of eight characters. This is not necessary if the memory holding the
    string is zeroed first, because it is then implicitly padded.
3.  Using an encryption key of 0123456789ABCDEF, use Data Encryption Standard Cypher Block Checksum (DES CBC) mode to
    encrypt the username/password string. Note that CBC mode means that the first 8 bytes are encrypted and the result
    is XOR'd with the next 8 bytes, and then that is encrypted, and so on. When completed, the last input vector (the
    last XOR result) is used as the new encryption key for the second round.
4.  Repeat all the preceding steps but use the encryption key extracted in step 3. This time, the last input vector is
    the result; the password hash stored in SYS.USER$.PASSWORD. The result is a "hash," not an encrypted value, even
    though a very popular encryption algorithm is used. This is because of the two stages used that make the final
    output nonrevisable, that is, it cannot be decrypted.

--看看www.petefinnigan.com/testpwd.sql written in PL/SQL确定加密算法.

-- -----------------------------------------------------------------------------
--                 WWW.PETEFINNIGAN.COM LIMITED
-- -----------------------------------------------------------------------------
-- Script Name : testpwd.sql
-- Author      : Pete Finnigan
-- Date        : May 2009
-- -----------------------------------------------------------------------------
-- Description : This script can be used to test users passwords in databases
--               of versions 7 - 10gR2
-- -----------------------------------------------------------------------------
-- Maintainer  : Pete Finnigan (
-- Copyright   : Copyright (C) 2008, 2009, PeteFinnigan.com Limited. All rights
--               reserved. All registered trademarks are the property of their
--               respective owners and are hereby acknowledged.
-- -----------------------------------------------------------------------------
-- License     : This software is free software BUT it is not in the public
--               domain. This means that you can use it for personal or
--               commercial work but you cannot remove this notice or copyright
--               notices or the banner output by the program or edit them in any
--               way at all. You also cannot host/distribute/copy or in anyway
--               make this script available through any means either in original
--               form or any derivitive work based on it. The script is
--               only available from its own webpage
--               or any other page that
--               PeteFinnigan.com Limited hosts it from.
--               This script cannot be incorporated into any other free or
--               commercial tools without permission from PeteFinnigan.com
--               Limited.
--
--               In simple terms use it for free but dont make it available in
--               any way or build it into any other tools.
-- -----------------------------------------------------------------------------
-- Version History
-- ===============
--
-- Who         version     Date      Description
-- ===         =======     ======    ======================
-- P.Finnigan  1.0         May 2009  First Issue.
-- P.Finnigan  1.1         May 2009  Added calls to upper for username/password
--                                   Thanks to Kennie Nybo Pontoppidan.
--
-- -----------------------------------------------------------------------------

create or replace function testpwd(username in varchar2, password in varchar2)
return char
authid current_user
is
   --
   raw_key raw(128):= hextoraw('0123456789ABCDEF');
   --
   raw_ip raw(128);
   pwd_hash varchar2(16);
   --
   cursor c_user (cp_name in varchar2) is
   select    password
   from sys.user$
   where password is not null
   and name=cp_name;
   --
   procedure unicode_str(userpwd in varchar2, unistr out raw)
   is
      enc_str varchar2(124):='';
      tot_len number;
      curr_char char(1);
      padd_len number;
      ch char(1);
      mod_len number;
      debugp varchar2(256);
   begin
      tot_len:=length(userpwd);
      for i in 1..tot_len loop
         curr_char:=substr(userpwd,i,1);
         enc_str:=enc_str||chr(0)||curr_char;
      end loop;
      mod_len:= mod((tot_len*2),8);
      if (mod_len = 0) then
         padd_len:= 0;
      else
         padd_len:=8 - mod_len;
      end if;
      for i in 1..padd_len loop
         enc_str:=enc_str||chr(0);
      end loop;
      unistr:=utl_raw.cast_to_raw(enc_str);
   end;
   --
   function crack (userpwd in raw) return varchar2
   is
      enc_raw raw(2048);
      --
      raw_key2 raw(128);
      pwd_hash raw(2048);
      --
      hexstr varchar2(2048);
      len number;
      password_hash varchar2(16);  
   begin
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key, encrypted_data => enc_raw );
      hexstr:=rawtohex(enc_raw);
      len:=length(hexstr);
      raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key2, encrypted_data => pwd_hash );
      hexstr:=hextoraw(pwd_hash);
      len:=length(hexstr);
      password_hash:=substr(hexstr,(len-16+1),16);
      return(password_hash);
   end;
begin
   open c_user(upper(username));
   fetch c_user into pwd_hash;
   close c_user;
   unicode_str(upper(username)||upper(password),raw_ip);
   if( pwd_hash = crack(raw_ip)) then
      return ('Y');
   else
      return ('N');
   end if;
end;
/

--他的算法是检测口令是否猜测正确的,我改一下看看:

create or replace function testpwd(username in varchar2, password in varchar2)
return char
authid current_user
is
   --
   raw_key raw(128):= hextoraw('0123456789ABCDEF');
   --
   raw_ip raw(128);
   pwd_hash varchar2(16);

   procedure unicode_str(userpwd in varchar2, unistr out raw)
   is
      enc_str varchar2(124):='';
      tot_len number;
      curr_char char(1);
      padd_len number;
      ch char(1);
      mod_len number;
      debugp varchar2(256);
   begin
      tot_len:=length(userpwd);
      for i in 1..tot_len loop
         curr_char:=substr(userpwd,i,1);
         enc_str:=enc_str||chr(0)||curr_char;
      end loop;
      mod_len:= mod((tot_len*2),8);
      if (mod_len = 0) then
         padd_len:= 0;
      else
         padd_len:=8 - mod_len;
      end if;
      for i in 1..padd_len loop
         enc_str:=enc_str||chr(0);
      end loop;
      unistr:=utl_raw.cast_to_raw(enc_str);
   end;
   --
   function crack (userpwd in raw) return varchar2
   is
      enc_raw raw(2048);
      --
      raw_key2 raw(128);
      pwd_hash raw(2048);
      --
      hexstr varchar2(2048);
      len number;
      password_hash varchar2(16);  
   begin
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key, encrypted_data => enc_raw );
      hexstr:=rawtohex(enc_raw);
      len:=length(hexstr);
      raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));
      dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,
             key => raw_key2, encrypted_data => pwd_hash );
      hexstr:=hextoraw(pwd_hash);
      len:=length(hexstr);
      password_hash:=substr(hexstr,(len-16+1),16);
      return(password_hash);
   end;
begin
   unicode_str(upper(username)||upper(password),raw_ip);
   return crack(raw_ip);
end;
/


-- 测试看看:

SYS@test> select name,password,spare4 from sys.user$ where name='SCOTT';
NAME                 PASSWORD             SPARE4
-------------------- -------------------- --------------------------------------------------------------
SCOTT                57964D8CE8DC6EB2     S:F67125C76865130EB899ABB60A06C3D063A9A26CA2C95D76078DB11F1F0A

SYS@test> select testpwd('scott','btbtms') c20 from dual ;
C20
--------------------
57964D8CE8DC6EB2

上一篇:[20160710]备份archivelog仅仅1次.txt
下一篇:大数据 云计算 等搜集的资料

关于作者

    白红宇是个全栈工程师,前端vue,小程序,app开发到后端框架设计,数据库设计,环境部署上线运维。

最新文章

springboot中方法调用链路追踪——Zipkin快速开始 2021-06-20
ubuntu完全卸载mongodb 2021-06-20
spring-boot子模块打包jar去掉BOOT-INF文件夹 2021-06-20
将aop(面向切面编程)函数,打包成jar包并拦截另一项目中的函数 2021-06-20
Spring配置AOP切入点execution星号详解 2021-06-20
springboot中junit4与junit5注入区别 2021-06-20
linux安装redis及解决无法远程连接的问题 2021-06-20
kubernetes 使用kubectl port-forward 暴露端口访问应用 2021-06-20
mongodb分页与优化 2021-06-20
Spring Data MongoDB 三:基本文档查询(Query、BasicQuery)(一)(mongoTemplate与mongo命令对应关系) 2021-06-20
spring mongodb Criteria中"and"与"andOperator"方法的区别及"$and"如何工作(附:复合索引) 2021-06-20
java操作mongodb指定集合及索引建立spring boot(组合索引,复合索引) 2021-06-20
springAOP切入点表达式怎么排除某些方法 2021-06-20
jdk代理和cglib代理的区别 2021-06-20
SpringAOP中Aspectj拦截所有方法含有某个注解,并且排除某些包下的某些类的方法上也含有这个注解的方法 2021-06-20
springAOP中Pointcut注解表达式@target、@annotation、@within、this、target、within等 2021-06-20
centos7安装MongoDB3.4 2021-06-20
JUnit5中@TestInstance(TestInstance.Lifecycle.PER_CLASS) 2021-06-20
restTemplete在测试时发送请求报错org.springframework.web.client.HttpClientErrorException:400 null 2021-06-20
redis等缓存穿透、缓存击穿、缓存雪崩区别和解决方案 2021-06-20