Re: Encryption in Oracle8

From: Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl>
Date: Fri, 4 Dec 1998 20:17:05 +0100
Message-ID: <749chp$6kg$1_at_pascal.a2000.nl>

tmondal wrote
>I need to store encrypted password in database
>and decrypt it later on.

I wonder if you really need to be able to decrypt the passwords? If this is only used to verify a password that a user enters, then encrypting the supplied password and compare it to the encrypted (stored) password would be better. When you can decrypt the password, then anyone having access to the database can decrypt them...

Oracle does provide database encryption / decryption (for example dbencryp in Oracle Lite), but a simple encryption for only a few data elements could be achieved with something like:

x := dbms_utility.get_hash_value(pUsr||pPwd, 0, 999999999);

Note that the numeric result can not be decrypted (as more than one pUsr || pPwd combination could result in the same hash value), but that it is not a strong encryption either. If chances are equal, I'd say the chance to get the same encrypted password would be 3 to 1,000,000,000 if you allow three attempts...

Arjan. Received on Fri Dec 04 1998 - 20:17:05 CET

This message: [ Message body ]
Next message: Arjan van Bentem: "Re: Problem with Jinitiator"
Previous message: Arjan van Bentem: "Re: PLEASE HELP"
In reply to tmondal: "Encryption in Oracle8"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message