-- ----------------------------------------------------------------------------- -- WWW.PETEFINNIGAN.COM LIMITED -- ----------------------------------------------------------------------------- -- Script Name : sha1.sql -- Author : Pete Finnigan -- Date : Oct 2007 -- ----------------------------------------------------------------------------- -- Description : Use this script to find prove the 11g Password algorithm -- ----------------------------------------------------------------------------- -- Maintainer : Pete Finnigan (http://www.petefinnigan.com) -- Copyright : Copyright (C) 2007 PeteFinnigan.com Limited. All rights -- reserved. All registered trademarks are the property of their -- respective owners and are hereby acknowledged. -- ----------------------------------------------------------------------------- -- Usage : The script provided here is available free. You can do anything -- you want with it commercial or non commercial as long as the -- copyrights and this notice are not removed or edited in any way. -- The scripts cannot be posted / published / hosted or whatever -- anywhere else except at www.petefinnigan.com/tools.htm -- ----------------------------------------------------------------------------- -- To Do : None -- ----------------------------------------------------------------------------- -- Version History -- =============== -- -- Who version Date Description -- === ======= ====== ====================== -- P.Finnigan 1.0 Oct 2007 First Issue. 
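-- -----------------------------------------------------------------------------

whenever sqlerror exit rollback
set feed on
set head on
set arraysize 1
set space 1
-- verify off stops SQL*Plus printing the old/new substitution lines, which
-- would otherwise display the password guess
set verify off
set pages 25
set lines 80
set termout on
set serveroutput on size 1000000

undefine user_to_find
undefine pwd_guess

accept user_to_find char default system prompt 'NAME OF USER TO CHECK [system]: '
-- hide stops the typed guess being echoed on the terminal
accept pwd_guess char default manager prompt 'PWD to test [manager]: ' hide

-- Checks one candidate password against the 11g verifier held in
-- SYS.USER$.SPARE4 for the named user.
-- Layout read below: a 2 character prefix, 40 hex characters of SHA-1 hash,
-- then 20 hex characters of salt. The stored hash is SHA-1(password || salt).
-- Requires read access to SYS.USER$ and execute on SYS.DBMS_CRYPTO.
-- Output (via dbms_output) is one of:
--   PWD found / PWD not found / User not found /
--   No 11g verifier stored for this user
-- NOTE: both substitution variables are pasted into string literals, so a
-- value containing a single quote will break the block
DECLARE
    lv_pwd_raw  raw(128);
    lv_enc_raw  raw(2048);
    lv_found    boolean;
    cursor c_main(cp_user in varchar2) is
        select substr(spare4,3,40) hash,
               substr(spare4,43,20) salt,
               spare4
        from sys.user$
        where name = cp_user;
    lv_user c_main%rowtype;
BEGIN
    open c_main(upper('&&user_to_find'));
    fetch c_main into lv_user;
    -- capture the fetch result before the cursor is closed
    lv_found := c_main%found;
    close c_main;
    if not lv_found then
        -- previously reported as 'PWD not found', which hid the real cause
        dbms_output.put_line('User not found');
    elsif lv_user.spare4 is null or lv_user.spare4 not like 'S:%' then
        -- without an S: entry the substr offsets above do not point at a
        -- SHA-1 hash and salt, so a comparison would be meaningless
        dbms_output.put_line('No 11g verifier stored for this user');
    else
        -- candidate bytes followed by the stored salt bytes
        lv_pwd_raw := utl_raw.concat(utl_raw.cast_to_raw('&&pwd_guess'),
                                     hextoraw(lv_user.salt));
        -- named constant instead of the bare literal 3
        lv_enc_raw := sys.dbms_crypto.hash(lv_pwd_raw, sys.dbms_crypto.hash_sh1);
        -- compare as hex text explicitly rather than by implicit conversion
        if rawtohex(lv_enc_raw) = upper(lv_user.hash) then
            dbms_output.put_line('PWD found');
        else
            dbms_output.put_line('PWD not found');
        end if;
    end if;
END;
/

-- do not leave the guess defined for the rest of the SQL*Plus session
undefine user_to_find
undefine pwd_guess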