Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: searching for encrypted fields in data columns
nbnet wrote:
> I am by no means as experienced as the rest in the DB area being a
> programmer in mostly web apps but.... I needed to store usernames and
> passwords in our db in some kind of secure mannner. I understand that if you
> just encrypt the password a hacker can use brute force to easily (not to me
> of course) find out passwords.
Use Oracle's built-in obfuscation toolkit and the only ones breaking it by brute force will be NSA, CIA, and FBI or their foreign equivs.
You can look it up at http://tahiti.oracle.com
But if you think it is easy to break even simple encryptions try your luck on this one:
x := 'p78o 8o 0 o42i4p';
SELECT TRANSLATE(x,'?????', '?????')
FROM dual;
and I'm even giving you the code required to do it. Just replace each of the five question marks with the correct number of the correct characters.
Answer is available at:
http://www.psoug.org/reference/translate_replace.html
As simplistic as this example is ... do you really think any of your users could break it?
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Mon Apr 05 2004 - 21:57:05 CDT