Re: Can oracle support encryption on some sensitive field in database?

Hi

Actually the 3DES is triple DES and has a 168 bit key, not 112, but its still DES and is known to be a weak algorithm as its symmetrical. You would be better using a public algorithm that uses public and private keys.

Also 3DES is only available on 8i rel3 AFAIK. single DES only on 8i rel2.

There is also an endian issue with using the dbms_obfuscation_toolkit package if you encrypt on intel and try to decrypt say on sparc it wont work.

I would either write an external procedure yourself in C or Java and call it or use a commercial tool.

HTH
Pete Finnigan
www.pentest-limited.com

In article <TRS29669CEF8_at_trais.com.ua>, Anatoly Moskovsky <avm_at_trais.com.ua> writes
>Hi!
>
>*** On november 09 Richard Kuhler wrote:
>
> RK> Jim Kennedy wrote:
> >> Look at the dbms_obsfucation package.
>
> RK> <snip>
>
> RK> Unfortunately, dbms_obfuscation doesn't pass his first requirement.
>
> >>>>> 1. encryption key should be at least 128-bit key
>
> RK> from the oracle docs...
>
> RK> "... the DES key length for encryption is fixed at 56 bits; you
> RK> cannot alter this key length."
>
>
> RK> To achieve 128 bits, I believe he's going to have to use an external
> RK> routine (e.g. java or c).
>
>AFAIR, dbms_obfuscation supports the 3DES with 112-bit effective key length
>as well
>This should be enough for symmetric encryption: if 10 billion computers
>would check 10 billion keys per second, it would take ~1 million years to
>find the key.
>By the time when (dramatically) more powerful computers have been designed,
>Oracle will release the next version of the dbms_obfuscation, that supports
>AES (256 bit) or something else :)
>
>Bye
>
>-------------------------------------------------------------------
>
>[SQL Batch: Oracle automation] http://sqlbatch.com/sb/
>

-- 
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan_at_pentest-limited.com

www.pentest-limited.com