Oracle Password Hashing Algorithm

Body

Oracle hashes passwords into a hexadecimal string using the following steps:

  1. Concatenate the username and the password to produce a plaintext string.
  2. Convert the plaintext string to uppercase characters.
  3. Convert the plaintext string to multi-byte storage format; ASCII characters have the high byte set to 0x00;
  4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length) using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of 0x0123456789ABCDEF;
  5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output of the previous step (ignoring parity bits) as the encryption key. The last block of the output is converted into a printable string to produce the password hash value.

Details

Details

Article ID: 1833
Created
Mon 12/1/25 3:24 PM
Modified
Thu 12/4/25 9:05 AM

Related Services / Offerings

Related Services / Offerings (1)

General Support Request
Submit a General Support request using the "Purdue IT Request" button to the right. The Purdue IT Service Desk will examine, follow-up and route as needed.