• Home
• Topics
• Oracle database administration
• Oracle database security
• How to use DBMS_CRYPTO package for Oracle password encryption/hashing

How to use DBMS_CRYPTO package for Oracle password encryption/hashing

Requires Free Membership to View

Login

• E-mail Address: 

By submitting your registration information to SearchOracle.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchOracle.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

As a rule of thumb, hashing application passwords is really the best way to go about it, for internal apps that may not need extreme levels of security. (This is the same method Oracle uses in 11g for protecting and validating database user passwords.) A properly salted SHA-1 hash provides really excellent resistance to cracking, without the need to manage encryption keys! All you would have to do is hash the password through one of DBMS_CRYPTO's hashing procedures and compare that to the original, hashed password value in you user table.

If you MUST use encryption, key management is critical -- it will make or break the security of the entire process. Please do not consider putting the key, or direct references in the PL/SQL procedures you used to call DBMS_CRYPTO – the Oracle wrap utility used to obscure your code is easily defeated by direct attack in 10g and below. 11g is actually much better in this regard, plus there are many free and commercial unwrapping utilities available. Proper key management is very complex and difficult to do properly. Often, a "weaker" but properly implemented obfuscation process will render a more secure system than a poorly implemented "strong" algorithm.

Dig Deeper

This was first published in August 2009

More from Related TechTarget Sites

• Data Management
• Business Analytics
• SAP
• SQL Server
• Java
• Data Center
• Content Management
• Financial Applications

• Data Management

  • Bank of America IT exec: EIM drivers key to shaping project plans

    The most effective programs are shaped by clearly stated business objectives, according to a senior information architect at Bank of America.

  • In-memory database caching helps AltEgo bring online avatars to life

    In-memory database caching technology is helping gamers take charge of their online identities.

  • Datachick gives 'big data' a verbal beat down at Enterprise Data World

    "Big data" technologies took a verbal shellacking from consultant and well-known Twitterer Karen Lopez in an Enterprise Data World conference session.

• Business Analytics

  • On the go the way to go? Answer lies with building mobile BI business case

    According to a recent Gartner survey, mobile technology is the second most important priority for CIOs in 2012, but building the business case is easier said than done.

  • Basic vs. complex: Companies walk the line on analytics best practices

    Businesses looking to build effective business intelligence and analytics programs have to toe the line between focusing on the basics and using new technology to build more complex BI systems.

  • Real estate company refines, expands geographic information system

    Marcus & Millichap shakes off its archaic data cleansing and analytics system for more automated processes, enabling the firm to explore its data on a more granular level.

• SAP

  • Spinnaker to fight Rimini Street for third-party SAP support market

    It was only a matter of time before SAP third-party support and maintenance provider Rimini Street had some competition from other vendors. That time has come.

  • SAP SapphireNow attendees heading to Orlando looking for answers

    SapphireNow attendees are looking for answers to a long list of questions on issues ranging from mobility to the acquisition of SuccessFactors and SAP’s long-term cloud strategy.

  • Eight stories tell the tale of SAP mobility

    From its growing ecosystem to Sybase Afaria, here is a collection of SearchSAP.com stories that clarify what SAP’s evolving mobile roadmap means for customers.

• SQL Server

  • Configuring SSRS the easy way

    Demystify the SQL Server Reporting Services (SSRS) configuration process. Get an overview of this tool and guidelines for how to set up each screen in SSRS from industry professional Roman Rehak.

  • SQL Server Upgrade Advisor, Upgrade Assistant can ease transition pains

    You probably think you’re ready to upgrade to the new release, but you might not be as prepared as you think. Before you upgrade, there are some tools to become familiar with, says Bob Sheldon.

  • ODBC drivers replacing OLE DB? Say what?

    After years of telling SQL Server users to avoid ODBC in favor of OLE DB, Microsoft has suddenly reversed its position and advised going back to ODBC. Why? And what should you do about it?

• Java

  • Scaling up and scaling out to meet new business demands

    Scaling up and scaling out are two ways for growing businesses to increase productivity, but doing so blindly may be more costly than it's worth.

  • On-demand computing models support Web application scalability

    The on-demand nature of cloud computing has put scalable Web applications within easy reach for businesses of all sizes.

  • Automate Web server load balancing for high scalability

    Automating Web server load balancing tasks provides high scalability for enterprise applications.

• Data Center

  • Why Zynga moved from public cloud to hybrid cloud

    The subtext of Zynga’s “hybrid cloud” strategy is that at a certain scale, public cloud ain’t cheap.

  • Dell microserver gives energy-efficient IT shops a glimpse of Ivy Bridge

    New Dell microservers include power-efficient Ivy Bridge processors based on Intel’s 22-nm manufacturing process.

  • How to balance three-phase power to maximize UPS capacity

    Apply these techniques to balance the three-phase power load and avoid unnecessarily buying a costly new UPS.

• Content Management

  • Document management system success relies on proper scope

    Document management system success relies on proper planning for the scope and needs of your organization -- not only today, but in the future, says consultant Steve Weissman.

  • Well-planted SharePoint 2010 backup strategy could help save the farm

    A SharePoint farm backup as part of an enterprise SharePoint 2010 backup strategy is simple, but on its own might not be enough. Brien M. Posey points out the other important considerations.

  • Picking the right CMS tool may require IT, marketing unity

    The key to choosing the ideal content management system is getting the IT and marketing departments to work together as a team, experts say.

• Financial Applications

  • Basic planning, data cleansing seen as crucial to HR system integration

    Save time and money by establishing human resources processes and scrubbing data before embarking on a project to integrate systems, industry watchers say.

  • SaaS HCM growing, but some prefer customization of on-premises HCM

    As more companies consider taking human capital management to the cloud, analysts say the on-site version also has its benefits.

  • From Excel to financial analytics software: Users, experts share tips

    When preparing for the transition, companies should review existing processes, involve end users and clean up the data.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map