[20151008]8i-10g口令密码的加密算法.txt

--昨天晚上写了1篇关于11g密码问题，想看看8i-10g口令密码的加密算法,google半天竟然没找到。

--翻了一个电子文档找到相关内容做一个记录：

Apress.Expert.Oracle.Practices.Jan.2010.pdf

1.  Concatenate the username and password while also making the string Unicode for instance, for SYSTEM/MANAGER this

    would be S0Y0S0T0E0M0M0A0N0A0G0E0R0. 2.  Pad out the string with zeros to be a multiple of eight characters. This is not necessary if the memory holding the     string is zeroed first, because it is then implicitly padded. 3.  Using an encryption key of 0123456789ABCDEF, use Data Encryption Standard Cypher Block Checksum (DES CBC) mode to     encrypt the username/password string. Note that CBC mode means that the first 8 bytes are encrypted and the result     is XOR'd with the next 8 bytes, and then that is encrypted, and so on. When completed, the last input vector (the     last XOR result) is used as the new encryption key for the second round. 4.  Repeat all the preceding steps but use the encryption key extracted in step 3. This time, the last input vector is     the result; the password hash stored in SYS.USER$.PASSWORD. The result is a "hash," not an encrypted value, even     though a very popular encryption algorithm is used. This is because of the two stages used that make the final     output nonrevisable, that is, it cannot be decrypted.

--看看www.petefinnigan.com/testpwd.sql written in PL/SQL确定加密算法.

-- -----------------------------------------------------------------------------

--                 WWW.PETEFINNIGAN.COM LIMITED -- ----------------------------------------------------------------------------- -- Script Name : testpwd.sql -- Author      : Pete Finnigan -- Date        : May 2009 -- ----------------------------------------------------------------------------- -- Description : This script can be used to test users passwords in databases --               of versions 7 - 10gR2 -- ----------------------------------------------------------------------------- -- Maintainer  : Pete Finnigan ( -- Copyright   : Copyright (C) 2008, 2009, PeteFinnigan.com Limited. All rights --               reserved. All registered trademarks are the property of their --               respective owners and are hereby acknowledged. -- ----------------------------------------------------------------------------- -- License     : This software is free software BUT it is not in the public --               domain. This means that you can use it for personal or --               commercial work but you cannot remove this notice or copyright --               notices or the banner output by the program or edit them in any --               way at all. You also cannot host/distribute/copy or in anyway --               make this script available through any means either in original --               form or any derivitive work based on it. The script is --               only available from its own webpage --               or any other page that --               PeteFinnigan.com Limited hosts it from. --               This script cannot be incorporated into any other free or --               commercial tools without permission from PeteFinnigan.com --               Limited. -- --               In simple terms use it for free but dont make it available in --               any way or build it into any other tools. -- ----------------------------------------------------------------------------- -- Version History -- =============== -- -- Who         version     Date      Description -- ===         =======     ======    ====================== -- P.Finnigan  1.0         May 2009  First Issue. -- P.Finnigan  1.1         May 2009  Added calls to upper for username/password --                                   Thanks to Kennie Nybo Pontoppidan. -- -- -----------------------------------------------------------------------------

create or replace function testpwd(username in varchar2, password in varchar2)

return char authid current_user is    --    raw_key raw(128):= hextoraw('0123456789ABCDEF');    --    raw_ip raw(128);    pwd_hash varchar2(16);    --    cursor c_user (cp_name in varchar2) is    select    password    from sys.user$    where password is not null    and name=cp_name;    --    procedure unicode_str(userpwd in varchar2, unistr out raw)    is       enc_str varchar2(124):='';       tot_len number;       curr_char char(1);       padd_len number;       ch char(1);       mod_len number;       debugp varchar2(256);    begin       tot_len:=length(userpwd);       for i in 1..tot_len loop          curr_char:=substr(userpwd,i,1);          enc_str:=enc_str||chr(0)||curr_char;       end loop;       mod_len:= mod((tot_len*2),8);       if (mod_len = 0) then          padd_len:= 0;       else          padd_len:=8 - mod_len;       end if;       for i in 1..padd_len loop          enc_str:=enc_str||chr(0);       end loop;       unistr:=utl_raw.cast_to_raw(enc_str);    end;    --    function crack (userpwd in raw) return varchar2    is       enc_raw raw(2048);       --       raw_key2 raw(128);       pwd_hash raw(2048);       --       hexstr varchar2(2048);       len number;       password_hash varchar2(16);      begin       dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,              key => raw_key, encrypted_data => enc_raw );       hexstr:=rawtohex(enc_raw);       len:=length(hexstr);       raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));       dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,              key => raw_key2, encrypted_data => pwd_hash );       hexstr:=hextoraw(pwd_hash);       len:=length(hexstr);       password_hash:=substr(hexstr,(len-16+1),16);       return(password_hash);    end; begin    open c_user(upper(username));    fetch c_user into pwd_hash;    close c_user;    unicode_str(upper(username)||upper(password),raw_ip);    if( pwd_hash = crack(raw_ip)) then       return ('Y');    else       return ('N');    end if; end; /

--他的算法是检测口令是否猜测正确的，我改一下看看：

create or replace function testpwd(username in varchar2, password in varchar2)

return char authid current_user is    --    raw_key raw(128):= hextoraw('0123456789ABCDEF');    --    raw_ip raw(128);    pwd_hash varchar2(16);

   procedure unicode_str(userpwd in varchar2, unistr out raw)

   is       enc_str varchar2(124):='';       tot_len number;       curr_char char(1);       padd_len number;       ch char(1);       mod_len number;       debugp varchar2(256);    begin       tot_len:=length(userpwd);       for i in 1..tot_len loop          curr_char:=substr(userpwd,i,1);          enc_str:=enc_str||chr(0)||curr_char;       end loop;       mod_len:= mod((tot_len*2),8);       if (mod_len = 0) then          padd_len:= 0;       else          padd_len:=8 - mod_len;       end if;       for i in 1..padd_len loop          enc_str:=enc_str||chr(0);       end loop;       unistr:=utl_raw.cast_to_raw(enc_str);    end;    --    function crack (userpwd in raw) return varchar2    is       enc_raw raw(2048);       --       raw_key2 raw(128);       pwd_hash raw(2048);       --       hexstr varchar2(2048);       len number;       password_hash varchar2(16);      begin       dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,              key => raw_key, encrypted_data => enc_raw );       hexstr:=rawtohex(enc_raw);       len:=length(hexstr);       raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));       dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,              key => raw_key2, encrypted_data => pwd_hash );       hexstr:=hextoraw(pwd_hash);       len:=length(hexstr);       password_hash:=substr(hexstr,(len-16+1),16);       return(password_hash);    end; begin    unicode_str(upper(username)||upper(password),raw_ip);    return crack(raw_ip); end; /

-- 测试看看：

SYS@test> select name,password,spare4 from sys.user$ where name='SCOTT';

NAME                 PASSWORD             SPARE4 -------------------- -------------------- -------------------------------------------------------------- SCOTT                57964D8CE8DC6EB2     S:F67125C76865130EB899ABB60A06C3D063A9A26CA2C95D76078DB11F1F0A

SYS@test> select testpwd('scott','btbtms') c20 from dual ;

C20 -------------------- 57964D8CE8DC6EB2