Re: Encryption of value in a field
For better security, I would suggest you 'digest' the password using
dbms_obfuscation_toolkit.md5. When you need to test whether a password
is valid or not, just digest the presented password and compare it to
the previous digest value. For even better security, generate a random
'salt' string to concatenate to the password before you digest it; then
store the salt and the digested password together. You don't need to
encrypt the salt. Its purpose is just to make 'dictionary attacks'
much more difficult if someone gets access to the digested passwords.
Richard
"Patrick J." wrote:
>
> Hi,
>
> We are currently developing an Oracle application for which user management
> is made by the application, i.e. we have a table containing the login and
> password of each user.
> I would like to encrypt the field containing the password to preserve
> confidentiality.
> How can this be achieved in an Oracle 8.1.7 database?
>
> Thanks,
>
> Patrick J.
Received on Wed Jan 09 2002 - 13:37:09 CST
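
Added example, not part of the original post: the salted-digest scheme described in the reply above, sketched as application-side Python. It swaps PBKDF2-HMAC-SHA256 in for dbms_obfuscation_toolkit.md5, because a single MD5 pass is too fast to resist offline guessing on current hardware. The function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune it to your own hardware


def make_record(password, salt=None):
    """Return 'iterations$salt_hex$digest_hex' for the password column."""
    if salt is None:
        salt = os.urandom(16)  # random per-user salt, stored unencrypted
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(presented, record):
    """Digest the presented password with the stored salt and compare."""
    try:
        iterations_s, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", presented.encode("utf-8"), salt, int(iterations_s)
        )
    except ValueError:
        return False  # malformed or tampered record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    rec_a = make_record("tiger")
    rec_b = make_record("tiger")
    print("records differ:", rec_a != rec_b)
    print("correct password:", check_password("tiger", rec_a))
    print("wrong password:", check_password("Tiger", rec_a))
```

Because each record carries its own salt, two users with the same password get different stored values, so a precomputed dictionary of digests cannot be matched against the table in one pass.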