Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Encryption

RE: Encryption

From: Justin Cave (DDBC) <jcave_at_ddbcinc.com>
Date: Tue, 15 Nov 2005 15:09:16 -0700
Message-ID: <8769EA99D658784EA3CA652F2C93C63EC38C@EXCHANGE.ddbc.local>


Oracle has DBMS_OBFUSCATION_TOOLKIT (pre-10g) and DBMS_CRYPTO (post 10g) packages that allow you to both encrypt data and to hash it. For password storage, you almost certainly want to hash the password (which is unrecoverable) rather than encrypting it (which is recoverable). Oracle, Unix, and just about every other platform will hash passwords  

Tom Kyte has an excellent discussion on this topic here-  

http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:95412 348059  

Justin  


From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Burton, Laura Sent: Tuesday, November 15, 2005 5:03 PM To: oracle-l_at_freelists.org
Subject: Encryption  

Scenario:  

We have a new user which will be created an account in an application (not a database user) by inserting into a table. When this occurs a trigger is fired to insert the user into other tables. A field in one of the tables is an encrypted password. We want the initial password to be the person's ssn, which was input into the table which fired the trigger. Does oracle have an encryption process that can be executed to encrypt the ssn, in this example, before inserting into another table? We have looked on OTN but could not find anything. I know the easy thing to do would be to use a generic password so that we could just move the encrypted password in every time, but our user wants ssn so that it will be unique to that user until they are prompted to change their password on the initial log in to the application. Again, this is not a database user.  

Thanks for the feedback.  

Laura

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 15 2005 - 16:11:41 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US