This class implements the hash algorithm introduced in version 11g of the Oracle Database. It supercedes the Oracle 10 password hash. This class can be can be used directly as follows:
>>> from passlib.hash import oracle11 as oracle11 >>> # generate new salt, encrypt password >>> hash = oracle11.encrypt("password") >>> hash 'S:4143053633E59B4992A8EA17D2FF542C9EDEB335C886EED9C80450C1B4E6' >>> # verify password >>> oracle11.verify("password", hash) True >>> oracle11.verify("secret", hash) False
the generic PasswordHash usage examples
This implementation has not been compared very carefully against the official implementation or reference documentation, and it’s behavior may not match under various border cases. caveat emptor.
This class implements the Oracle11g password hash, and follows the Password Hash Interface.
It supports a fixed-length salt.
An example oracle11 hash (of the string password) is:
An oracle11 hash string has the format S:checksumsalt, where:
S: is the prefix used to identify oracle11 hashes (as distinct from oracle10 hashes, which have no constant prefix).
checksum is 40 hexidecimal characters; encoding a 160-bit checksum.
(4143053633E59B4992A8EA17D2FF542C9EDEB335 in the example)
salt is 20 hexidecimal characters; providing a 80-bit salt (C886EED9C80450C1B4E6 in the example).
The Oracle 11 hash has a very simple algorithm: The salt is decoded from it’s hexidecimal representation into binary, and the SHA-1 digest of passwordraw_salt is then encoded into hexidecimal, and returned as the checksum.
Passlib’s implementation of the Oracle11g hash may deviate from the official implementation in unknown ways, as there is no official documentation. There is only one known issue:
Lack of testing (and test vectors) leaves it unclear as to how Oracle 11g handles passwords containing non-7bit ascii. In order to provide support for unicode strings, Passlib will encode unicode passwords using utf-8 before running them through Oracle11. This behavior may be altered in the future, if further testing reveals another behavior is more in line with the official representation.
|||Description of Oracle10g and Oracle11g algorithms - http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/.|