Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Can oracle support encryption on some sensitive field in database?

Re: Can oracle support encryption on some sensitive field in database?

From: Pete Finnigan <pete_at_peterfinnigan.demon.co.uk>
Date: Tue, 20 Nov 2001 16:32:18 +0000
Message-ID: <E$vAJPASWo+7EwmD@peterfinnigan.demon.co.uk> 





Hi Allen



I agree with what you say, but in 8.1.7 the dbms_obfuscation_toolkit
package supports 56, 112 and 168 bit keys the triple DES supporting 16
byte ( 2key ) and 24 byte ( 3 key ). The triple DES and MD5 only being
available in 8.1.7 and higher and DES in 8.1.6 and higher. 



What i was trying to say quite badly as it turned out is that 168 bit
using 3 key is available as well, although i do admit it looks like i
was saying 3DES is only 168 bit, 3 key and 2 key is not available.



The main point i wanted to make anyway is that its a symmetrical
algorithm and using a public algorithm might be better.



regards,


Pete



In article <9e3d4fab.0111200753.3e75619f_at_posting.google.com>, Allen
Kistler <ackistler_at_yahoo.com> writes


>Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message news:<iAD5GcAp0n

>87EwAO_at_peterfinnigan.demon.co.uk>...

>> Hi

>> 

>> Actually the 3DES is triple DES and has a 168 bit key, not 112, but its

>> still DES and is known to be a weak algorithm as its symmetrical. You

>> would be better using a public algorithm that uses public and private

>> keys.

>

>This is a slight digression, but ....

>

>3DES uses two 56-bit keys, hence 3DES essentially has a 112-bit key.

>

>M = cleartext

>C = ciphertext

>K1 = first key

>K2 = second key

>

>Start with M

>Encrypt with K1

>Decrypt with K2

>Encrypt with K1

>You get C

>

>Why not use three keys (K1, K2, and K3)?

>Because then it's possible to find two keys (K1' and K2') which give

>you the same result.  In fact there are exactly 2^56 sets of such

>keys.  So even though you used 168 bits worth of keys, you only got

>112 bits worth of encryption.

>

>So if you only get 112 bits worth of encryption anyway, why do the

>last encryption step?

>Because if you don't, there are about 2^55 sets of (K1' and K2') that

>produce the same result.  So even though you used 112 bits worth of

>keys, you only got about 57 bits worth of encryption.



-- 
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan_at_pentest-limited.com

www.pentest-limited.com


Received on Tue Nov 20 2001 - 10:32:18 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US