Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 5 Oct 2012 19:24:16 +0530
From: Dhiru Kholia <>
Subject: Re: [PoC] Cryptographic flaws in Oracle Database authentication protocol

On Sat, Sep 29, 2012 at 3:35 PM, Dhiru Kholia <> wrote:
> On Sat, Sep 29, 2012 at 12:12 AM, Dhiru Kholia <> wrote:
>> Marcel has written "o5logoncrack" program to crack the password given
>> AUTH_SESSKEY and AUTH_VFR_DATA. However Marcel hasn't released any
>> algorithm details or source code. I will write a JtR format soon for this.
> Code is now committed to unstable-jumbo
> (
> ✗ ../run/john -fo:o5logon -t
> Benchmarking: Oracle O5LOGON protocol [32/64]... DONE
> Raw:    748982 c/s real, 754370 c/s virtual

Made some tweaks,

✗ ../run/john -fo:o5logon -t
Benchmarking: Oracle O5LOGON protocol [32/64]... DONE
Raw:	948317 c/s real, 948317 c/s virtual

This should match "official" cracker's speed.

> Ettercap plug-in to sniff AUTH_SESSKEY and AUTH_VFR_DATA is committed
> to

This work has been merged into official Ettercap tree. See


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.