Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> Key and algo for encrypting the listener password.
(Message started by: Pete Finnigan on Jul 28th, 2007, 2:14am)

Title: Key and algo for encrypting the listener password.
Post by Pete Finnigan on Jul 28th, 2007, 2:14am
Hi,

I would like to know the key and algorithm used for encrypting the listener password. I see that if I set the password on the server using change_password, and use the same password (in clear text) on the lsnrctl prompt (run on remote machine) using set password, the password is encrypted/hashed while being sent to server (seen using tcpdump).

I want to use it in my C code (from remote machine) to communicate with the listener (on the server), hence I am interested in knowing the key/algo for the same.

The listener.ora, sqlnet.ora and tnsnames.ora files do not contain any key/algo specifications, hence the values must be default.

Kindly excuse if I am not clear as I am new to this domain.

Any help is highly appreciated.

Regards,
Riz.

Title: Re: Key and algo for encrypting the listener passw
Post by Pete Finnigan on Jul 28th, 2007, 8:08am
Riz,

The Oracle TNS Listener is using the Oracle password algorithm (from the database) to hash the listener password using the change_password command.

People often misunderstand this concept.

There are 2 ways to set the listener password with the set password command:
1. set password tiger
2. set password <CR>
  password: tiger

In the first case the string "tiger" is sent in cleartext, in the second case the string "tiger" is hashed with the Oracle password algorithm and the result (=hash value) is sent in cleartext.

For an attacker there is no difference if he intercepts the string because this string is used for the listener authentication. The attacker just uses the

 set password E7C4...

to send the hash value.
The hashing algorithm is only used to generate a (random) string. The hashing algorithm is only useful for dictionary attacks against the TNS listener (e.g. for hashing a dictionary file).

Hope this helps.

Alexander

--
Alexander Kornbrust

Title: Re: Key and algo for encrypting the listener passw
Post by Pete Finnigan on Aug 2nd, 2007, 12:45am
Hi Alexander,

Thanks for taking time out, but as observed, the password sent over the network is always encrypted, as shown below:

"DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(PASSWORD=125916DFCEFE8F08)(SERVICE=)(VERSION=)))"

irrespective of the way the password was entered

1) set password <passwd> or
2) set password <CR>
   password: <passwd>.

Also, the Oracle password algorithm, as mentioned on red-database-security, is that the username is concatenated to the user's password, and "all characters will be converted to uppercase before the hashing starts 8-byte hash, encrypted with a DES encryption algorithm without real salt (just the username)".

But as I have observed, irrespective of the username used, the encrypted password is always the same for a password "welcome" (125916DFCEFE8F08), which indicates that the username is not used in calculating the password for listener authentication.

Hence, my original query still stands about the algo used for encrypting the listener password.

Thanks in advance,
Riz

Title: Re: Key and algo for encrypting the listener passw
Post by Pete Finnigan on Aug 2nd, 2007, 10:25pm
Riz,

What version of Oracle do you use? That's important. Oracle changed the behaviour of the set password command in some newer versions (AFAIK with 9206/9207).

The listener does not have a username, that's why Oracle is using the artificial username "arbitrary" instead, e.g.
hash(ARBITRARYWELCOME).

---
#----ADDED BY TNSLSNR 22-MAR-2006 01:21:55---
PASSWORDS_LISTENER = C75FBC1C9FA2F2D3
#--------------------------------------------

D:\orabf>oraclehash arbitrary v1enna
c75fbc1c9fa2f2d3:arbitrary
--

In some versions of 64 bit operating systems there was a problem in the implementation of this algorithm. But in most OS the Oracle password algorithm should work.

I hope this solves the problem.

Regards

Alexander
--
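
Added example (not from the thread or from Oracle): a defender-side check built on Alexander's point that whatever string appears in the PASSWORD field is what authenticates, hashed or not. It parses a listener.ora fragment and listener command strings, then reports which commands carry a credential and whether it equals the value stored in listener.ora; the function names and the second and third command strings are constructed for illustration.

```python
import re

HEX16 = re.compile(r"^[0-9A-Fa-f]{16}$")  # shape of the 8-byte hash shown in the thread

def parse_listener_passwords(listener_ora):
    """Map listener name -> list of stored PASSWORDS_<name> values (comments skipped)."""
    stored = {}
    for line in listener_ora.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"PASSWORDS_(\w+)\s*=(.*)$", line, re.I)
        if m:
            stored[m.group(1).upper()] = re.findall(r"[^\s(),]+", m.group(2))
    return stored

def tns_params(command):
    """Extract the innermost (KEY=value) pairs from a listener command string."""
    return {k.upper(): v for k, v in re.findall(r"\((\w+)=([^()]*)\)", command)}

def audit(listener_ora, commands):
    """Return (command, 'hash'|'cleartext', equals_stored_value) per credentialed command."""
    stored = {v.upper() for vals in parse_listener_passwords(listener_ora).values()
              for v in vals}
    findings = []
    for cmd in commands:
        params = tns_params(cmd)
        pw = params.get("PASSWORD", "")
        if not pw:
            continue  # command carried no credential
        kind = "hash" if HEX16.match(pw) else "cleartext"
        # Either kind is enough to authenticate if captured; a match with the
        # stored value means reading listener.ora also yields a usable credential.
        findings.append((params.get("COMMAND", "?"), kind, pw.upper() in stored))
    return findings

# listener.ora fragment as quoted in the thread
SAMPLE_LISTENER_ORA = """#----ADDED BY TNSLSNR 22-MAR-2006 01:21:55---
PASSWORDS_LISTENER = C75FBC1C9FA2F2D3
#--------------------------------------------"""

TEMPLATE = ("DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=oracle))"
            "(COMMAND=%s)(ARGUMENTS=64)(PASSWORD=%s)(SERVICE=)(VERSION=)))")
SAMPLE_COMMANDS = [
    TEMPLATE % ("status", "125916DFCEFE8F08"),  # value from the capture in the thread
    TEMPLATE % ("stop", "C75FBC1C9FA2F2D3"),    # constructed: carries the stored value
    TEMPLATE % ("status", "tiger"),             # constructed: cleartext, as in case 1
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTENER_ORA, SAMPLE_COMMANDS):
        print(finding)
```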

Title: Re: Key and algo for encrypting the listener passw
Post by Pete Finnigan on Jan 22nd, 2010, 11:30pm
There is a detailed description for this algo:
marcellmajor.com/frame_listenerhash.html - (broken link)


