Home » RDBMS Server » Security » DBMS_OBFUSCATION_TOOLKIT.MD5
DBMS_OBFUSCATION_TOOLKIT.MD5 [message #17474] Sat, 15 January 2005 21:01 Go to next message
cw
Messages: 30
Registered: September 2002
Member
Hi Guys

I posted a question regarding encryption the other day and would like to thank Andrew for his reply - it has been most helpful.

I can now see that I can use the DBMS_OBFUSCATION_TOOLKIT.MD5 procedure to hash values, such as passwords within the database.

However, what I need to do is connect to an external SQLServer database from Oracle which contains a table containing a list of already MD5 hashed values (they have been hashed within a c# program and then inserted into an SQLServer database).

I need to pull all this data back into Oracle and 'unhash' the values.

Can anyone give me an example of how I might do this and possibly advise me of any problems.

Thanks so much in advance, I'm just really trying to prevent the data from having to be 'unhashed' outside of the Oracle database.

Regards.

Report message to a moderator

Re: DBMS_OBFUSCATION_TOOLKIT.MD5 [message #17496 is a reply to message #17474] Mon, 17 January 2005 13:39 Go to previous message
cw
Messages: 30
Registered: September 2002
Member
I fathomed out how to do this myself, so just incase anyone else is interested...

When comparing md5 hashes between ones generated by Oracle and .Net (or any thing else) you need to ensure that the exactly the same byte arrays enter the md5 algorithm on both sides. This is done by ensuring that both sides are using the same codepage during calculation.

For example if the database is set to

CHARACTER SET WE8MSWIN1252

And you calculate a hash like this



RETURN DBMS_OBFUSCATION_TOOLKIT.MD5(input_string => UPPER(p_username) || '/' || UPPER(p_password));




The .net comparing side will need to be something like.



string username = TextBox1.Text;

string password = TextBox2.Text;



string md5HashRemote = reader.[["HASH"]].ToString();



// get the same encoding as the database.

Encoding en = Encoding.GetEncoding(1252);



// Get the md5 provider

MD5CryptoServiceProvider md5Provider = new MD5CryptoServiceProvider();



// Compute the local hash

Byte[[]] md5HashLocal = md5Provider.ComputeHash(en.GetBytes(username + "/" + password));



if (en.GetString(md5HashLocal) == md5HashRemote)

{

// Success!!!!

}

Report message to a moderator

Previous Topic: Encryption
Next Topic: Removing privileges on a table after commited update
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Jan 24 07:28:08 CST 2025
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.