Billy Verreynne wrote: Well, not done it myself before, but I would say that the moment you say "unique" you're talking of including some sort of sequence number, and then to make it pseudo-random, perhaps use some sort of hash or encryption with a little salt.
Any suggestions for an elegant way to generate nonces in PL/SQL code? It needs to be pseudo random and unique (over a 5 minute period for example).
E.g. timestamp plus random number as a base64 string. Or GUID (which is also time based).
Yes, looks good. Was thinking of using sys_guid. However, not sure whether there is a potential size limitation issue. The nonce, and time string, are concatenated with a secret and then hashed using SHA-1.
Have this problem with a well-known company's s/w where it chokes on auth tokens bigger than 16 or so characters. It hooks into the company's LDAP servers. My LDAP password is at times album titles in my version of 133t speak (have a wide taste in music) - and most of these passwords are more than 16 characters.*
LDAP is fine with that. But each time it happens that my password exceeds a certain size, I lose access to this company's s/w as their auth refuses to accept the valid, and long, password.
Learned the lesson that many hardcode string sizes to just a few characters unnecessarily... so now I'm waiting for confirmation as to what sizes the nonce can be...
* reserving "The Rise and Fall of Ziggy Stardust and The Spiders of Mars" for a special occasion ;-)
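
The approach discussed in this thread (a random nonce, a time string, and a secret hashed with SHA-1), as an added example that is not part of any post above. It assumes EXECUTE on DBMS_CRYPTO; the 24-character limit, the sample secret, the UTC time format and the concatenation order are assumptions, since the thread leaves them unconfirmed.

```plsql
DECLARE
  -- Hypothetical limit: the thread leaves the accepted nonce size unconfirmed.
  c_max_chars CONSTANT PLS_INTEGER := 24;
  -- Constructed sample secret, for illustration only.
  c_secret    CONSTANT VARCHAR2(30) := 'example-shared-secret';

  l_nonce   RAW(32);
  l_nonce64 VARCHAR2(64);
  l_created VARCHAR2(20);
  l_digest  RAW(20);

  -- Base64 text of a RAW value (no line breaks are added for inputs this short).
  FUNCTION b64(p_raw IN RAW) RETURN VARCHAR2 IS
  BEGIN
    RETURN UTL_RAW.CAST_TO_VARCHAR2(UTL_ENCODE.BASE64_ENCODE(p_raw));
  END b64;

  -- UTF-8 bytes of a string, so the hash input does not depend on the DB charset.
  FUNCTION utf8(p_text IN VARCHAR2) RETURN RAW IS
  BEGIN
    RETURN UTL_I18N.STRING_TO_RAW(p_text, 'AL32UTF8');
  END utf8;
BEGIN
  -- 16 bytes from the database CSPRNG: 24 base64 characters.
  l_nonce   := DBMS_CRYPTO.RANDOMBYTES(16);
  l_nonce64 := b64(l_nonce);

  -- Fail loudly rather than let a consumer truncate the value.
  IF LENGTH(l_nonce64) > c_max_chars THEN
    RAISE_APPLICATION_ERROR(-20001, 'nonce exceeds ' || c_max_chars || ' characters');
  END IF;

  -- UTC time string; the format is an assumption.
  l_created := TO_CHAR(SYS_EXTRACT_UTC(SYSTIMESTAMP), 'YYYY-MM-DD"T"HH24:MI:SS"Z"');

  -- SHA-1 over nonce || time string || secret (assumed order and encoding).
  l_digest := DBMS_CRYPTO.HASH(
                UTL_RAW.CONCAT(l_nonce, utf8(l_created), utf8(c_secret)),
                DBMS_CRYPTO.HASH_SH1);

  DBMS_OUTPUT.PUT_LINE('nonce   (' || LENGTH(l_nonce64) || ' chars): ' || l_nonce64);
  DBMS_OUTPUT.PUT_LINE('created : ' || l_created);
  DBMS_OUTPUT.PUT_LINE('digest  : ' || b64(l_digest));
  -- For comparison: SYS_GUID() is also 16 bytes, unique but not designed to be unpredictable.
  DBMS_OUTPUT.PUT_LINE('guid    : ' || b64(SYS_GUID()));
END;
/
```

Run it with SET SERVEROUTPUT ON; both the random nonce and the GUID encode to 24 base64 characters, which is the figure to check against whatever size the receiving system confirms.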