Overview#Oracle Passwords in Databases Oracle case-insensitive passwords were used prior to 11g. case-insensitive hash is actually NOT a hash but an encrypted username/password combination, which becomes a one-way hash by encrypting the result of the first run (after removing some bytes) again.
As of 11g Release 1 the database uses case-sensitive passwords as a standard. It is possible however to disable this new functionality by changing an initialization parameter.Password values are accessible using either:
- 10g Release 2 (and previous versions) get 10g password hashes: SELECT username, password FROM dba_users WHERE username='<username>';
- 11g Release 1 (and later versions) get both 10g and 11g password hashes: SELECT name, password, spare4 FROM sys.user$ WHERE name='<username>';