  1. #1
    Join Date
    Jul 2003
    Posts
    1

    Unanswered: Password hashing

    Hi all,

    I have a query regarding the dbms_utility.get_hash_value function. I am a Java developer, and am somewhat new to Oracle - hence my earlier Google searches were of little help.

    We are in the process of re-writing a web application, and are moving the existing username/password tables over to our new schema. Our old system stores passwords and PIN details by hashing them with the following formula:

    Code:
    encrypted_value := ltrim(to_char(
        dbms_utility.get_hash_value(value, 1000000000, power(2,30)),
        rpad('X',29,'X')||'X'));

    I'd like to know what algorithm this "get_hash_value" uses - as we need to do the same encryption routine in Java to check passwords. Otherwise, we'll have to issue thousands of users with new passwords.

    Could anyone provide me with some pointers on this function, or how to generate the same hashes in Java?

    Any information would be greatly appreciated.

    Thanks in advance,

    -Mark

  2. #2
    Join Date
    Nov 2002
    Location
    Desk, slightly south of keyboard
    Posts
    697
    I replied to a different post about this. I'm not sure about the Java side, but you should be aware that, prior to any password reaching your server-side encryption routines, it's probably going "along the wire" in plain text.

    You should check for this yourself, esp. in a Web environment.

    Hth
    Bill
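
One way to keep existing logins working without reimplementing `dbms_utility.get_hash_value` in Java, as an added example that is not part of the original thread: check the stored legacy value once at login, then re-store the password under PBKDF2. The `legacy` function, the `Row` class and the iteration count are assumptions; in production `legacy` would evaluate the thread's PL/SQL expression in the database over an encrypted JDBC connection.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.function.UnaryOperator;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LegacyHashMigration {
    /** One credential row (hypothetical); legacyHash is cleared once PBKDF2 is stored. */
    static class Row { String legacyHash; byte[] salt; byte[] pbkdf2; }

    static byte[] pbkdf2(char[] pw, byte[] salt) throws Exception {
        // Iteration count and key length are assumptions; tune them for your hardware.
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    /** Checks a login; a row still on the legacy hash is upgraded on first success. */
    static boolean login(Row row, String password, UnaryOperator<String> legacy)
            throws Exception {
        if (row.pbkdf2 != null) {   // already migrated: the legacy path is never used
            return MessageDigest.isEqual(row.pbkdf2,
                                         pbkdf2(password.toCharArray(), row.salt));
        }
        byte[] stored = row.legacyHash.getBytes(StandardCharsets.US_ASCII);
        byte[] given = legacy.apply(password).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(stored, given)) return false;
        row.salt = new byte[16];
        new SecureRandom().nextBytes(row.salt);
        row.pbkdf2 = pbkdf2(password.toCharArray(), row.salt);
        row.legacyHash = null;      // hash_size power(2,30) allows at most 2^30 values
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in so the example runs offline. It is NOT Oracle's algorithm.
        UnaryOperator<String> legacy =
            v -> Integer.toHexString(v.hashCode() & 0x3FFFFFFF).toUpperCase();
        Row row = new Row();
        row.legacyHash = legacy.apply("s3cret-PIN");   // constructed sample credential
        System.out.println("wrong password accepted: " + login(row, "wrong", legacy));
        System.out.println("first good login:        " + login(row, "s3cret-PIN", legacy));
        System.out.println("legacy hash cleared:     " + (row.legacyHash == null));
        System.out.println("login after migration:   " + login(row, "s3cret-PIN", legacy));
    }
}
```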
