Encryption 2

[spicysudhi]

Hi

i got below code from google search for encryption. it works only when the input string is exactly 8 characters. If any less or more, its not working.

is there anything i can do to get this working, where the input string between single character to 20 characters.


FUNCTION encrypt(input_string IN VARCHAR2) RETURN VARCHAR2 IS
key_string VARCHAR2(32) := 'A!190j2#Az19?j1@A!190j2#Az19?j1@';
encrypted_string VARCHAR2(2048);
decrypted_string VARCHAR2(2048);
BEGIN
encrypted_string := null;
dbms_obfuscation_toolkit.DES3Encrypt( input_string => input_string,
key_string => key_string,
encrypted_string => encrypted_string );
RETURN encrypted_string;
END;


thanks in advance.

sudhi

 

[dbomrrsm]

take a look at:

http://www.databasejournal.com/features/oracle/article.php/3358671

[blue]DBomrrsm[/blue]

[blue]Software code, like laws and sausages, should never be examined in production[/blue][black] - [/black][purple]Edward Tenner[/purple]

 

[LKBrwnDBA]

From Oracle manual:

If the input data given to the DESEncrypt procedure is not a multiple of 8 bytes, the procedure raises the error ORA-28232 "Invalid input size for Obfuscation toolkit".




----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[spicysudhi]

my idea was to store passwords encrypted.

so above statement means, the password should be appended with nearest 8th byte.
if user enters 5 characters password, then we hav to append three chars to end, to make things work...

correct me if i am wrong.

alternatevelly... is there any other way of encryptin the password...?

regards,
sudhi

 

[LKBrwnDBA]

You are correct, you need to append (spaces?) to make password multiple of 8 characters.

Also, make sure your "encrypted password" column is of enough length to hold the additional characters.

A common practice is also to prefix the passwords with a random 8 characters (or minutes, seconds and miliseconds) to obfuscate more (vg. two identical passwords would produce different encrypted result).

Another way to deal with passwords would be to store only an encrypted checksum and compare checksum of enter'ed password with stored checksum -- downside is you cannot de-crypt stored checksum value into original password.




----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[spicysudhi]

thanks very much.

I did like this. Appended the string with blank spaces. and when decrypted, i am using RTIM to remove the padded spaces.

CREATE OR REPLACE FUNCTION encrypt ( i_password VARCHAR2 )
RETURN VARCHAR2 IS
c_encrypt_key VARCHAR2 ( 8 ) := 'A!190j2#';
v_encrypted_val VARCHAR2 ( 3000 );
v_data VARCHAR2 ( 3000 );
BEGIN
-- INPUT DATA MUST HAVE A LENGTH DIVISIBLE BY EIGHT
v_data := RPAD ( i_password, (TRUNC ( LENGTHB ( i_password ) / 8 ) + 1 ) * 8,' ' );
DBMS_OBFUSCATION_TOOLKIT.desencrypt ( input_string => v_data,
key_string => c_encrypt_key,
encrypted_string => v_encrypted_val
);
RETURN v_encrypted_val;
END encrypt;
/


Above one works perfectly with all normal english letters. Unfortunatelly for me, one of our user has tried password "MÜLLER". Since it got special character, the error came.

ORA-28232: invalid input length for obfuscation toolkit
ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI", line 0

Any suggestions, how can we track this.

background is: An ASP application uses the database. The user profiles are stored in a table. I want to make sure that the passwords in the tabl;e are non-readble form. So my idea was store the passwords in encrypt format. During user login (to ASP application), the passsword he entered with be encrypted and compared with the password in the table (or table password decrypted and compared to user password).

But the above special chars are problm with this toolkit. anything anyone suggesting for this... please.

thanks.

sudhi

 

[LKBrwnDBA]

It appears that the problem is with the special character(s) (umlaut?). You could try using NVARCHAR2 (or better RAW) to store passwords.


----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[spicysudhi]

i am not lucky with this try also.

is there any user written functions??? (apart from toolkit derived one??)!

regards,
Sudhi

 

[LKBrwnDBA]

Strange, I could not re-produce the error:

SQL>CREATE OR REPLACE FUNCTION encrypt ( i_password VARCHAR2 )
  2    RETURN VARCHAR2 IS
  3    c_encrypt_key     VARCHAR2 ( 8 )    := 'A!190j2#';
  4    v_encrypted_val   VARCHAR2 ( 3000 );
  5    v_data            VARCHAR2 ( 3000 );
  6  BEGIN
  7     -- INPUT DATA MUST HAVE A LENGTH DIVISIBLE BY EIGHT
  8   v_data := RPAD ( i_password, (TRUNC ( LENGTHB ( i_password ) / 8 ) + 1 ) *
 8,' ' );
  9   DBMS_OBFUSCATION_TOOLKIT.desencrypt ( input_string          => v_data,
 10        key_string            => c_encrypt_key,
 11        encrypted_string      => v_encrypted_val
 12        );
 13   RETURN v_encrypted_val;
 14  END encrypt;
 15  /

Function created.

SQL>select encrypt('MÜLLER') from dual;

ENCRYPT('MÜLLER')
--------------------------------------------------------------------------------
XXI?mB

And we have CHARACTER SET = US7ASCII




----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[spicysudhi]

i hav

NLS_CHARACTERSET = AL32UTF8
NLS_NCHAR_CHARACTERSET = AL16UTF16

:'((

regards,
Sudhi

 

[hoinz]

Hi,
I could reproduce the error with NLS_LANG = AMERICAN_AMERICA.UTF8.
Reason must be that in Unicode 'Ü' is more than 1 byte, and so string length is not a multiple of 8 bytes.
To confirm this:
encrypting 'ÜÜÜÜÜÜÜÜ' (8 'Ü') works!

 

[hoinz]

Hi,

it seems that RPAD'ing to multiples of 8 is not the way to go;
I changed the line 'vdata := ...' and this works for me:

CREATE OR REPLACE FUNCTION encrypt ( i_password VARCHAR2 )
  RETURN VARCHAR2 IS
  c_encrypt_key     VARCHAR2 ( 8 )    := 'A!190j2#';
  v_encrypted_val   VARCHAR2 ( 3000 );
  v_data            VARCHAR2 ( 3000 );
BEGIN
   -- INPUT DATA MUST HAVE A LENGTH DIVISIBLE BY EIGHT
 v_data := RPAD ( i_password, (TRUNC ( LENGTHB ( i_password ) / 8 ) + 1 ) * 8 - ( LENGTHB ( i_password ) - LENGTH ( i_password ) ),' ' );
 DBMS_OBFUSCATION_TOOLKIT.desencrypt ( input_string          => v_data,
      key_string            => c_encrypt_key,
      encrypted_string      => v_encrypted_val
      );
 RETURN v_encrypted_val;
END encrypt;
/

 

[hoinz]

With a bit more of testing I found this:

SQL> select lengthb(rpad('MÜLLER',8,' ')) from dual;

LENGTHB(RPAD('MÜLLER',8,''))
----------------------------
                           9

SQL> select lengthb(rpad('MÜLLER',7,' ')) from dual;

LENGTHB(RPAD('MÜLLER',7,''))
----------------------------
                           8

It seems the reason for our confusion was a misunderstanding on what RPAD does:
It pads to a given number of characters, not to a given number of bytes. Only in a non-unicode character set like US7ASCII bytes and characters are the same. And as the DESEncrypt procedure expects multiples of 8 bytes, RPAD alone cannot do it.

regards

 

[spicysudhi]

many many many thanks.

this is wonderful

regards,
sudhi