Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Storing encrypted strings in a password column

Re: Storing encrypted strings in a password column

From: Niall Litchfield <niall.litchfield_at_dial.pipex.com>
Date: Sat, 14 Sep 2002 11:55:31 +0100
Message-ID: <3d8315a6$0$8514$cc9e4d1f@news.dial.pipex.com> 






"Jurgen Lindt" <nospam_at_nospam.com> wrote in message
news:Q1wg9.27849$jG2.2034165_at_bgtnsc05-news.ops.worldnet.att.net...


> Good ideas there.  The password hash is generated from a login ID and a

> constant in the code.  The hash is then used to encrypt the data (password

> in this case) and the hash is not stored.  The hashing mechanism in this

> case is MD5 (192-bit key), the encryption used is Triple DES.

>

> So the sequence for encrypting a person's password is:

>

> (a) Grab the login ID (text string of 8 long) & password

>

> (b) Run it through the encryption function (generates hash from login ID

 and


> constant in the code - concat, then encrypts the password using the hash

 and


> Triple DES algorithm)

>

> (c) Store the encrypted password in the database

>

> May not be the greatest way of doing it.




Is there a reason you can't use oracle accounts and let Oracle deal with
passwords etc?



--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer
******************************************


Received on Sat Sep 14 2002 - 05:55:31 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US