Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Storing encrypted strings in a password column

Re: Storing encrypted strings in a password column

From: Jurgen Lindt <nospam_at_nospam.com>
Date: Sat, 14 Sep 2002 01:12:16 GMT
Message-ID: <Q1wg9.27849$jG2.2034165@bgtnsc05-news.ops.worldnet.att.net> 






Good ideas there.  The password hash is generated from a login ID and a
constant in the code.  The hash is then used to encrypt the data (password
in this case) and the hash is not stored.  The hashing mechanism in this
case is MD5 (192-bit key), the encryption used is Triple DES.



So the sequence for encrypting a person's password is:



(a) Grab the login ID (text string of 8 long) & password




(b) Run it through the encryption function (generates hash from login ID and

constant in the code - concat, then encrypts the password using the hash and
Triple DES algorithm)



(c) Store the encrypted password in the database




May not be the greatest way of doing it.



JL
Received on Fri Sep 13 2002 - 20:12:16 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US