6 Replies. Latest reply: May 8, 2012 6:43 AM by Fran

    Store encrypted password in 11g R2

    572055
      Hi All,
      Please can I know the different methods of storing a password in encrypted format?


      Please can I know the steps involved in encrypting the password?


      Thanks.
        • 1. Re: Store encrypted password in 11g R2
          Fran
          Please can I know the steps involved in encrypting the password?
          Of course, Google and the documentation are your friends:
          http://docs.oracle.com/cd/E17904_01/doc.1111/e16580/password.htm
          • 2. Re: Store encrypted password in 11g R2
            572055
            Thanks.

            I want to store the encrypted password in the database.
            • 4. Re: Store encrypted password in 11g R2
              Fran
              The database itself encrypts the password. For example:

              SQL> create user AA identified by BB;
              Usuario creado.
              SQL> select password from dba_users where username='AA';

              PASSWORD
              ------------------------------
              467E90852FA381CC

              Anyway, I think you want to know "5.3 Encrypting the Configuration File Passwords" of the document I attached and you didn't read.

              Edited by: Fran on 08-may-2012 2:57
              • 5. Re: Store encrypted password in 11g R2
                Dave Rabone
                Oracle ( back to version n, where n is a very small number) does not store encrypted passwords, it stores hashed passwords.

                There is a very fundamental difference between these two techniques ... if you don't understand that you need to do a bit of reading.

                If passwords must be stored they must be hashed, using salt (more reading).
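The salted hashing this reply calls for, as an added example that is not part of any poster's message and is not Oracle's internal scheme. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt; the function names, the storage format and the iteration count are hypothetical choices for illustration, and the password "BB" is the sample value from the thread.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune to your login latency budget
SALT_BYTES = 16

def make_verifier(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for a VARCHAR column."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def check_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed stored value: reject rather than raise
    return hmac.compare_digest(candidate, expected)

def unsalted(password: str) -> str:
    """Weak form for contrast: equal passwords always give equal stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    first = make_verifier("BB")
    second = make_verifier("BB")
    # Same password, different salts: the stored strings differ, both verify.
    print("salted values differ:", first != second)
    print("correct password:", check_password("BB", first))
    print("wrong case rejected:", not check_password("bb", first))
    # Without a salt, two accounts sharing a password are visible in the table.
    print("unsalted values equal:", unsalted("BB") == unsalted("BB"))
```

Nothing in the stored string can be decrypted back to the password; verification only recomputes the hash from a login attempt, which is the difference from encryption the reply points to.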
                • 6. Re: Store encrypted password in 11g R2
                  Fran
                  Oracle ( back to version n, where n is a very small number) does not store encrypted passwords, it stores hashed passwords.
                  
                  There is a very fundamental difference between these two techniques ... if you don't understand that you need to do a bit of reading.
                  
                  If passwords must be stored they must be hashed, using salt (more reading)
                  You are talking about Oracle 8.1.5 and before.
                  The database itself encrypts the password
                  When I said that I meant SHA; maybe "encrypt" was my error, I should have used another word.

                  HASH info --> http://docs.oracle.com/cd/E23507_01/Platform.20073/ATGPersProgGuide/html/s0506passwordhashing01.html
                  Please check:
                  http://docs.oracle.com/cd/E11882_01/network.112/e10574/authentication.htm#CHDBBGFG
                  Password encryption. Oracle Database automatically and transparently encrypts passwords during network (client-to-server and server-to-server) connections, using Advanced Encryption Standard (AES) before sending them across the network.
                  Passwords hashed using the Secure Hash Algorithm (SHA) cryptographic hash function SHA-1. Oracle Database uses the SHA-1 verifier to authenticate the user password and establish the session of the user. In addition, it enforces case sensitivity and restricts passwords to 160 bits. The advantage of using the SHA-1 verifier is that it is commonly used by Oracle Database customers and provides much better security without forcing a network upgrade. It also adheres to compliance regulations that mandate the use of strong passwords being protected by a suitably strong password hashing algorithm. See "Ensuring Against Password Security Threats by Using the SHA-1 Hashing Algorithm" for more information.
                  and please check this too:
                  http://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html
                  Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 11g Release 2 Enterprise Edition; it provides transparent encryption of stored data to support your compliance efforts. Applications do not have to be modified and will continue to work seamlessly as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built-in, eliminating the complex task of creating, managing and securing encryption keys
                  Edited by: Fran on 08-may-2012 4:35