Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.tools -> Re: DESEncrypt & DESDecrypt in Oracle 8i
bashar77_at_my-deja.com wrote:
>
> Hi there,
> I'm using the Oracle supplied package DBMS_OBFUSCATION_TOOLKIT
> for encrypting and decrypting data in the database.
> I want to create a table for user information including their password
> but I want to store the password encrypted.
> The problem is that the functions DESEncrypt & DESDecrypt operates on a
> string of size multiple of 8 bytes, where I can't force the user to
> select a password that is exactly 8 bytes or a multiple of it.
> What should I do to use this package and not having that restriction??
> Also, if there is another good alternative to using the
> DBMS_OBFUSCATION_TOOLKIT package, please inform me.
>
> Thanks in advance.
> Bashar.
>
> Sent via Deja.com
> http://www.deja.com/
Why bother decrypting at all ?
Password validation only needs to be
a) encrypt the user's typed entry
b) and see if it matches the stored value.
In this way, you could use the DES plus any other tweaks you want - padding the password, adding random chars, etc etc etc.
HTH
Connor
-- =========================================== Connor McDonald http://www.oracledba.co.uk (mirrored at http://www.oradba.freeserve.co.uk) "Some days you're the pigeon, some days you're the statue"Received on Thu Jan 11 2001 - 05:31:55 CST