Re: String ENCRYPTION Function available?

Vern Bawden - Prentice Centre - UQ (ccvern_at_uqvax.cc.uq.oz.au) wrote:

: ORACLE obviously has an encryption function for storing passwords; is this
: function available to developers for storing authentication data specific
: to an application? e.g., a Forms trigger might do something like:
 
: 	insert into authent_table (id_field, key_field)
: 	  values (:ENTERED_ID, ENCRYPT(:ENTERED_KEY));
 

: Note that ONE-WAY encryption only is required. Can't find anything in the : ORACLE 7 manuals (which doesn't necessarily mean it isn't there).

edtwm_at_huber.com (Tim McCollum) writes:
>I am not aware of an encrypt function in Oracle mostly because the algorithm
>for which the function is to determine how to translate the string (A = X,
>B=!) would need to be user defined. If you are using ORACLE7, you can create
>a function that can encrypt a string.
 

> encrypted_string := encrypt_string(:a_string);
 

>If you are using Oracle V6, you would need to write a similar PL/SQL block,
>probably in Forms to accomplish this.

Just wanted to add my $0.02 here: in release 7.1 of Oracle7 (which is the latest production release), once you have created a stored function in PL/SQL, you can now call it exactly as Vern suggests, ie, in a VALUES or WHERE clause, or in a SELECT list.

As for one-way (also referred to as message digest, or hash) functions, you might try looking in Knuth, or, perhaps even better, "Applied Cryptography" by Bruce Schneier.

I've done a little work in this area, why not drop me a line!

--
Ken Stewart,                    Telephone:   (301) 907 2225
Oracle Federal,     	        Fax:         (301) 657 0037
Bethesda, MD 20814              Internet:    kstewart_at_us.oracle.com
Disclaimer:  I just work for Oracle, I don't speak for them.