Oracle Logon Protocol (O3LOGON) in 10g

I have determined that the 16 bytes immediately before the plain text password are randomly generated (for the curious, take a look at the ztvo5pe function exported by the oran10.dll library - you will see two successive calls to ztcen, the first call fills it in).

I originally posted the question because I was writing a small program to connect to an Oracle database without the use of Oracle's JDBC driver. I was finding that the database was rejecting my 32-byte AUTH_PASSWORD. I assumed that it was rejected because I had put an incorrect value in these first 16 bytes. I was wrong. It appears that these do not have any effect on whether or not a user authenticates.

Rather, it turns out that the database was rejecting my AUTH_PASSWORD because of the trailing bytes that come immediately after the plain text password. I naively padded the buffer with zeroes. It should have been padded according to the PKCS #7 specification.

If the password length < 16, the first 16 bytes are random data, then the password, the padding data are char of (16 – strlen(password)). The Oracle server can accept my AUTH_PASSWORD.If the password length >= 16, I don’t know how to do it. I filled the first 16 bytes with random data, but the server reject my data.I want to know: are you sure the padding data is according to the PKCS#7 specification.