Re: Algorithm for Password Encryption

From: Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl>
Date: Sat, 12 Jun 1999 12:25:52 +0200
Message-ID: <7jtch6$pu6$1@weber.a2000.nl>


Francis Chang wrote
> Does anyone have an algorithm for password encryption (possibly in
> PL/SQL??)
In general, you never need password decryption, only encryption. You could use a hash value. This is, by design, always the same for a given string, but not unique, so you cannot get the original password when you have the encrypted one. However, this also implies that chances are (much?) greater than 1 to 999999999 that two passwords return the same encrypted password, so you'd definitely need some blocking mechanism that would only allow for a limited number of tries:

    sEncryptedPwd := dbms_utility.get_hash_value
        ( sUser || sPwd, 0, 999999999 );

I do not know how Oracle has implemented the hash value. Beware that it might be a very simple algorithm, so if one knows that you use the line above, one might be able to calculate a password that would return the same encrypted one. Even worse, anyone could write a simple loop to definitely return such a password, or anyone could update your password table, so it is up to you to limit access to that table anyway...

I've sent you some more code by e-mail.

Arjan.

Received on Sat Jun 12 1999 - 05:25:52 CDT
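
The two concerns raised in the post above (a hash with only about 10^9 possible results collides easily, and tries must be limited) as an added example that is not part of the original post or Oracle's code. It is written in Python rather than PL/SQL so it runs stand-alone; the PBKDF2-HMAC-SHA256 choice, the iteration count, the five-try limit and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

HASH_SIZE = 999_999_999    # third argument of the post's get_hash_value call
MAX_TRIES = 5              # assumed lockout threshold
PBKDF2_ROUNDS = 200_000    # assumed work factor


def collision_probability(n_inputs, n_outputs=HASH_SIZE):
    """Birthday estimate: chance that at least two of n_inputs distinct
    strings map to the same value when only n_outputs results exist."""
    return 1.0 - math.exp(-n_inputs * (n_inputs - 1) / (2.0 * n_outputs))


def make_record(password):
    """Store a random per-user salt and a slow, 256-bit derived key
    instead of a small-range hash of user name plus password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "key": key, "failures": 0}


def verify(record, attempt):
    """Return True for the correct password. After MAX_TRIES consecutive
    failures every attempt is refused (unlock policy is out of scope)."""
    if record["failures"] >= MAX_TRIES:
        return False
    key = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                              record["salt"], PBKDF2_ROUNDS)
    if hmac.compare_digest(key, record["key"]):   # constant-time comparison
        record["failures"] = 0
        return True
    record["failures"] += 1
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print("P(collision) among 50,000 strings: %.3f"
          % collision_probability(50_000))
    rec = make_record("constructed-sample-pw")
    print("correct password accepted:", verify(rec, "constructed-sample-pw"))
    for _ in range(MAX_TRIES):
        verify(rec, "wrong-guess")
    print("accepted after lockout:", verify(rec, "constructed-sample-pw"))
```
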
