| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> FW: encrypt passwords and hold on Oracle tables
Sorry Listers,
I did not notice that reply was not to the list.
Regards,
Aleem
-----Original Message-----
From: Abdul Aleem Sent: 22 August 2000 20:23 To: 'Jared Still' Subject: RE: encrypt passwords and hold on Oracle tables
It is insecure, I agree because one, you know the algorithm two it is
simplest and straight forward algorithm, the purpose was to give an idea for
encryption. Any way hope would not be as easy as any one to know the
password for a built-in encryption routine. To my understanding encryption
algorithms encrypt as complex as up to 256 bytes.
If security issues are there, you can write complex algorithms, few that I
could think of are:
algorithm that would convert ASCII value, maximum 254 (8-bit) to let's say
16-bit or 32-bit or up to 256 bytes.
algorithm to convert string to numeric value and store numeric value instead
of characters,
algorithm to convert part of string to numeric value, part leave as it is,
part convert to any other,
divide the password and store it in more than one columns,
store part of ASCII value in one column the rest in another,
even a combination of above or any other you could think of,
It is really up to you how complex and difficult you want your encryption to
be cracked just let your imagination run wilder.
Regards,
Aleem
-----Original Message-----
From: Jared Still [mailto:jkstill_at_bcbso.com] Sent: 22 August 2000 19:32 To: Abdul Aleem Cc: Multiple recipients of list ORACLE-L Subject: RE: encrypt passwords and hold on Oracle tables
Keep in mind that this method is insecure if you expect anyone to actually try to crack the encrypted password.
Anyone fairly good with cryptography ( not me )would have your passwords cracked in a short time. Received on Tue Aug 22 2000 - 10:37:54 CDT
 |
 |