Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Dec 2nd, 2005, 6:28am)

Title: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Dec 2nd, 2005, 6:28am
Hello, everyone!

Using a sniffer, I got a big surprise in an Oracle 9i environment: its auth_sesskey has 16 bytes (32 nibbles), while in Oracle 8i the auth_sesskey only has 8 bytes (16 nibbles).

So, I think Oracle may enhance its o3logon implementation.

Does anyone know?

Thanks.

Title: Re: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Dec 4th, 2005, 9:27pm
Hi,

I can confirm this change as well. I saw this a couple of years or so ago. You do not need a sniffer to see it. Simply use SQL*Net trace level 16 or SUPPORT and make a login, and it's shown in the trace file.

cheers

Pete

Title: Re: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Jan 10th, 2006, 10:09pm
Hi,

Is there any information on how it works?

I implemented a "poc" brute forcer for the older one, but I did not find any information on how the newer one works.

Thanks,

Laszlo

Title: Re: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Jan 12th, 2006, 8:17pm
Hi Laszlo,

Have you published your PoC brute forcer?

cheers

Pete

Title: Re: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Jan 14th, 2006, 11:16am
Hi Pete,

Not yet, but I'm going to publish it in the next week. I'll send you the link. I'm not absolutely convinced how useful it is (considering the newer authentication alg.). At least it can be useful if the client or the server is an older one.

Regards,

Laszlo

Title: Re: Does Oracle enhance its o3logon?
Post by Pete Finnigan on Jan 14th, 2006, 10:29pm
Hi Laszlo,

Thanks for your reply, I would be interested to see it and also add a link to it on my tools page when you do release it.

cheers

Pete


