Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Encrypting a number into another number?
Hi Jim,
Thanks for the reply, No Daniel's method will probably suffice in this instance but like you I am not convinced it is secure enough to only be crackable by governments or supercomputer power.
What I was merely pointing out is that the use of DBMS_RANDOM to generate random numbers is not the best method within Oracle as this package has known issues whereby it generates numbers that are not sufficiently random if a sufficiently large enough seed is not used, i.e it generates pseudo random numbers. This package calls the internal number generator within the Oracle kernel. The newer GetKey functions included with the DBMS_OBFUSCATION_TOOLKIT, desgetkey and des3getkey use the FIPS - 140 certified random number generator which does generate sufficiently random numbers.
thanks
kind regards
Pete
-- Pete Finnigan email:pete_at_petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details.Received on Sat Aug 30 2003 - 15:05:45 CDT