Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Encrypting a number into another number?

Re: Encrypting a number into another number?

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Sat, 30 Aug 2003 21:05:45 +0100
Message-ID: <PXHfPBBZOQU$Ewk1@peterfinnigan.demon.co.uk> 





Hi Jim,



Thanks for the reply, No Daniel's method will probably suffice in this
instance but like you I am not convinced it is secure enough to only be
crackable by governments or supercomputer power.



What I was merely pointing out is that the use of DBMS_RANDOM to
generate random numbers is not the best method within Oracle as this
package has known issues whereby it generates numbers that are not
sufficiently random if a sufficiently large enough seed is not used, i.e
it generates pseudo random numbers. This package calls the internal
number generator within the Oracle kernel. The newer GetKey functions
included with the DBMS_OBFUSCATION_TOOLKIT, desgetkey and des3getkey use
the FIPS - 140 certified random number generator which does generate
sufficiently random numbers. 



thanks



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Sat Aug 30 2003 - 15:05:45 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US