Finally, Oracle has made changes to the way they store passwords. Oracle 11g introduces a different algorithm (SHA1), supports mixed-case passwords and adds salts to stored passwords. This all sounds great EXCEPT that the old weaker hashes are still being stored in the sys.user$ table.
It seems as if several different people have been looking in [...]