"Pete Finnigan" <pete_at_petefinnigan.com> wrote in message
news:ZRv6ObBne2T$Ew$6_at_peterfinnigan.demon.co.uk...
> Hi Daniel,
>
> DBMS_RANDOM is known to not generate secure random numbers, i.e they are
> not random enough especially when short numbers are generated. This has
> been discussed previously with Rick (who wrote dbms_obfuscation_toolkit)
> on one of the comp.oracle.database* groups.
>
> Kind regards
>
> Pete
> --
> Pete Finnigan
> email:pete_at_petefinnigan.com
> Web site: http://www.petefinnigan.com - Oracle security audit specialists
> Book:Oracle security step-by-step Guide - see http://store.sans.org for
details.
What is a secure random number? There are random numbers, there are random
numbers over a variety of PDFs (probability density functions), there are
numbers with and without replacement. Are you saying that Daniel's method
is not that secure? (it is a souped up Ceasar substitution) Perhaps it is
not, but it might suffice for the purpose.
Jim
Received on Fri Aug 29 2003 - 21:42:08 CDT
