Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 22nd, 2017, 9:41am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Security In General
   Security
(Moderator: Pete Finnigan)
   Searching for hash method used
« No topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Searching for hash method used  (Read 6923 times)
isaez
PeteFinnigan.com Junior Member
**



Ivan

   
View Profile |

Gender: male
Posts: 76
Searching for hash method used
« on: May 15th, 2014, 2:43pm »
Quote | Modify

Hi,
 
We have an obscure application (will not mention the name to protect itSmiley ) and it stores password in a Oracle table. My own password is somehow hashed (I assume it's an hash) and looks like this:
 
azrg3+lIO+NUjwOEUUs9GMb+2mr1
 
I think it's a base64 encoding of some hash but am not sure. Does someone know a good site where I can check what kind of hashing/encoding this is?
 
regards,
 
Ivan
IP Logged

regards,

Ivan
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Searching for hash method used
« Reply #1 on: Jul 2nd, 2014, 10:55am »
Quote | Modify

Hi Ivan,
 
Sorry for the late reply; things are very busy for me and I was just told by someone some unanswered posts are on my forum.
 
There is little to go on except that it could be base64 but it decodes to binary.  
 
I would look at things like length to see if its a standard length for a known algorithm, or change your password 4 or 5 times and compare the hashes but change your password by one character if you can, so set it to "a" and then "b" or if length is enforced then "passworda" "passwordb"... and see if there is a noticable change in the hash or its completely random. If you can see a pattern its almost certainly not a hash and almost certainly no salt. If its random then it could very well be a hash but if its a salted hash then you would not have the salt (maybe its your username!). If so try an online hash site for common algorithms and try hashing your password to see if you can generate the same value.
 
hth
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« No topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board