Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oracle Authentification with a long password (>16 characters) #5610

Open
k4amos opened this issue Dec 8, 2024 · 1 comment
Open

Oracle Authentification with a long password (>16 characters) #5610

k4amos opened this issue Dec 8, 2024 · 1 comment
Labels
question User support question

Comments

@k4amos
Copy link
Contributor

k4amos commented Dec 8, 2024

In an authentication with an Oracle database, the size of AUTH_PASSWORD will change if the password length exceeds 16 characters, as explained here.
@magnumripper had proposed in this issue #2155 (comment) to add a field with the size of Auth_PASSWORD at the end of the hash, but unfortunately this option doesn't seem to be implemented.

Is there a way to break these hashes with john?
@solardiz solardiz added the question User support question label Dec 8, 2024
@solardiz
Copy link
Member

solardiz commented Dec 8, 2024

I skimmed those referenced issues now, and I think this should just work. Have you tried? Unfortunately, we don't seem to have a test vector with a long password - it would be good to add one - maybe you'd contribute that?

add a field with the size of Auth_PASSWORD at the end of the hash, but unfortunately this option doesn't seem to be implemented.

As I understand, this was determined to be unnecessary and redundant - the length is determined from the hex encoding length of the existing field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question User support question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@solardiz @k4amos