The one-way algorithm used to calculate password hashes is not openly documented by
Oracle, but references on-line and in printed materials provide sufficient information to
reproduce the algorithm.
A 1993 post on the comp.databases.oracle newsgroup describes the algorithm in detail,
identifying an unknown fixed key as an input parameter [1]. This key value was later
published in the book "Special Ops", providing sufficient information to reproduce the
algorithm [2]. The algorithm can be described as follows:
1. Concatenate the username and the password to produce a plaintext string;
2. Convert the plaintext string to uppercase characters;
3. Convert the plaintext string to multi-byte storage format; ASCII characters have the
high byte set to 0x00;
4. Encrypt the plaintext string (padded with 0s if necessary to the next even block length)
using the DES algorithm in cipher block chaining (CBC) mode with a fixed key value of
0x0123456789ABCDEF;
5. Encrypt the plaintext string again with DES-CBC, but using the last block of the output
of the previous step (ignoring parity bits) as the encryption key. The last block of the
output is converted into a printable string to produce the password hash value.