Thursday, October 13, 2011

Is it certified to use UTL_ENCODE.BASE64_ENCODE to convert the RAW hash password and is there any known issue?

Visit the Below Website to access unlimited exam questions for all IT vendors and Get Oracle Certifications for FREE
http://www.free-online-exams.com



Problem: Is it certified to use UTL_ENCODE.BASE64_ENCODE to convert the RAW hash password and is there any known issue?
application passwords are stored as SHA-1 hashed text in the database and using a custom DB plugin, synch this into OID.
Using DBMS_CRYPTO.HASH(UTL_I18N.STRING_TO_RAW(, 'AL32UTF8'), DBMS_CRYPTO.HASH_SH1) ; to hash passwords.

How to create new users and passwords directly in OID using SHA-1 when OID uses BASE64
And how to convert the earlier SHA-1 hashed passwords into this BASE64 format.


Solution:


Certified is a large term, there is no any Certification process for this kind of topic.

I made this test:

begin
dbms_output.put_line(DBMS_CRYPTO.HASH(UTL_I18N.STRING_TO_RAW('fiction5', 'AL32UTF8'), typ=>DBMS_CRYPTO.HASH_SH1));
dbms_output.put_line(UTL_ENCODE.BASE64_ENCODE(DBMS_CRYPTO.HASH(UTL_I18N.STRING_TO_RAW('fiction5', 'AL32UTF8'), typ=>DBMS_CRYPTO.HASH_SH1)));
dbms_output.put_line(UTL_ENCODE.BASE64_DECODE('6F5037425A54786B676335775677353430732B364F306753492F453D'));
end;
/

A0FEC1653C6481CE70570E78D2CFBA3B481223F1
6F5037425A54786B676335775677353430732B364F306753492F453D
A0FEC1653C6481CE70570E78D2CFBA3B481223F1

For the UTL_ENCODE the input string is a RAW
SQL> desc utl_encode
FUNCTION BASE64_DECODE RETURNS RAW
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
R RAW IN
FUNCTION BASE64_ENCODE RETURNS RAW
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
R RAW IN

as DBMS_CRYPTO.HASH is returning a RAW, I don't see any issue to use it.

The problem comes from the fact that Oracle SHA1 implementation is oracle's own based on SHA1 algorithm.
The hashing key may not be same across vendors/product if it has to be a secure one.

As now you need to create the user and passwords directly in OID, You can use Enterprise User Feature and Map the Oracle Users identified globally with the OID users.





Get Oracle Certifications for all Exams
Free Online Exams.com

No comments: