Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Encryption of value in a field

Re: Encryption of value in a field

From: Richard Kuhler <noone_at_nowhere.com>
Date: Wed, 09 Jan 2002 19:37:09 GMT
Message-ID: <FZ0%7.93296$AI.22996733@typhoon.san.rr.com>


For better security, I would suggest you 'digest' the password using dbms_obfuscation_toolkit.md5. When you need to test whether a password is valid or not, just digest the presented password and compare it to the previous digest value. For even better security, generate a random 'salt' string to concatenate to the password before you digest it; then store the salt and the digested password together. You don't need to encrypt the salt. Its purpose is just to make 'dictionary attacks' much more difficult if someone gets access to the digested passwords.

Richard

"Patrick J." wrote:
>
> Hi,
>
> We are currently developing an Oracle application for which user management
> is made by the application, i.e. we have a table containing the login and
> password of each user.
> I would like to encrypt the field containing the password to preserve
> confidentiality.
> How can this be achieved in an Oracle 8.1.7 database?
>
> Thanks,
>
> Patrick J.
Received on Wed Jan 09 2002 - 13:37:09 CST
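
The salted-digest scheme described in the reply above, as an added example that is not part of the original post and is not Oracle code: a Python model of storing the salt with the digest, verifying a login, and checking how one precomputed table fares against unsalted versus salted digests. The function names, sample users and word list are constructed for illustration.

```python
import hashlib
import hmac
import os

def digest(salt: bytes, password: str) -> str:
    # The salt is concatenated to the password before digesting, as in the post.
    # MD5 appears only because the post names it; hashlib.scrypt or
    # hashlib.pbkdf2_hmac is the usual choice for new password storage.
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()

def make_record(password: str, salt_len: int = 16) -> tuple[str, str]:
    """Return (salt_hex, digest_hex), stored together in the user row."""
    salt = os.urandom(salt_len)  # random per user, kept in the clear
    return salt.hex(), digest(salt, password)

def verify(presented: str, salt_hex: str, stored_digest: str) -> bool:
    """Digest the presented password with the stored salt and compare."""
    candidate = digest(bytes.fromhex(salt_hex), presented)
    return hmac.compare_digest(candidate, stored_digest)

def precomputed_hits(stored_digests, wordlist) -> int:
    """Count stored digests found in one unsalted table built from wordlist."""
    table = {digest(b"", w) for w in wordlist}
    return sum(1 for d in stored_digests if d in table)

# Constructed sample data: two users who chose the same password.
USERS = {"alice": "tiger", "bob": "tiger"}
WORDLIST = ["scott", "tiger", "manager"]

def demo() -> dict:
    unsalted = {u: digest(b"", p) for u, p in USERS.items()}
    salted = {u: make_record(p) for u, p in USERS.items()}
    return {
        # Without a salt, equal passwords give equal digests.
        "unsalted_equal": unsalted["alice"] == unsalted["bob"],
        "salted_equal": salted["alice"][1] == salted["bob"][1],
        # One table covers every unsalted row; salted rows need per-row work.
        "unsalted_hits": precomputed_hits(unsalted.values(), WORDLIST),
        "salted_hits": precomputed_hits([d for _, d in salted.values()], WORDLIST),
        "login_ok": verify("tiger", *salted["alice"]),
        "login_bad": verify("lion", *salted["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```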
