Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: searching for encrypted fields in data columns

Re: searching for encrypted fields in data columns

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Mon, 05 Apr 2004 19:57:05 -0700
Message-ID: <1081220206.843454@yasure> 





nbnet wrote:



> I am by no means as experienced as the rest in the DB area being a

> programmer in mostly web apps but.... I needed to store usernames and

> passwords in our db in some kind of secure mannner. I understand that if you

> just encrypt the password a hacker can use brute force to easily (not to me

> of course) find out passwords.




Use Oracle's built-in obfuscation toolkit and the only ones breaking
it by brute force will be NSA, CIA, and FBI or their foreign equivs.



You can look it up at http://tahiti.oracle.com



But if you think it is easy to break even simple encryptions try
your luck on this one:



x := 'p78o 8o 0 o42i4p';


SELECT TRANSLATE(x,'?????', '?????')


FROM dual;



and I'm even giving you the code required to do it. Just replace
each of the five question marks with the correct number of the
correct characters.



Answer is available at: 


http://www.psoug.org/reference/translate_replace.html



As simplistic as this example is ... do you really think any of
your users could break it?

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)


Received on Mon Apr 05 2004 - 21:57:05 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US