This module hash checks the input password against a schema's password in the Oracle database. Why? Some database driven Oracle enterprise applications use database schema authentication as application authentication. This module was developed so that other applications using the same database can mirror the same authentication. Other appropriate uses would include checking for weak passwords.
Oracle stores the trimmed encrypted value of the trimmed encrypted value of the SCHEMA + PASSWORD in the [SYS.USER$] table/view. Out of the box Oracle databases use a standard and well know, to the security minded, encryption key. (Oracle calls it a "key", to the security community an initialization vector.)
$ npm install ram-oracle
$ mocha test
or
$ npm test
const ram = require('ram-oracle');
//.match(<ORACLE SCHEMA>,<ORACLE PASSWORD>,<INPUT PASSWORD>)
let matches = ram.match('JDOE','587F72032A3C828E','password');
console.log('The input matches the Oracle Database password: ' + matches + '.');
let matches = ram.match('JDOE','587F72032A3C828E','incorrect_password');
console.log('The input matches the Oracle Database password: ' + matches + '.');
This package was inspired by a couple pieces of work and notes.
- Merit and explination of some concepts => http://seclists.org/pen-test/2000/Nov/198
- (PLSQL) => http://www.petefinnigan.com/tools.htm
- (JAVA) => https://community.oracle.com/thread/1528235
- (Ruby) => https://stackoverflow.com/questions/19718060/des3-encryption-ruby-opensslcipher-vs-oracle-dbms-obfuscation-toolkit
MIT License, Copyright (c) 2018 Dee Clawson