Saturday, May 26, 2012

Hashing passwords in Oracle Database using MD5

When building applications (especially with Oracle Apex), we often need to manage users and set up a decent authentication system. One security consideration here is hashing passwords.

You can use the following function to hash your password using MD5.

However, if you hash it repeatedly, feeding each result back into the hash, you can secure your application and prevent dictionary attacks.

Here is a very simple function I wrote for this purpose.



CREATE OR REPLACE FUNCTION hashPass
   ( raw_pass IN VARCHAR2 )
   RETURN VARCHAR2
IS
    res VARCHAR2(500);
BEGIN
    res := raw_pass; -- start by putting raw value into result

    -- The FOR loop declares its own index, so no separate variable is needed
    FOR i IN 1..95 LOOP -- hash it 95 times to prevent dictionary attacks
        SELECT WWV_FLOW_ITEM.MD5(res) INTO res FROM DUAL;
    END LOOP;

    RETURN res; -- return hash
END;
/




Note:
  1. Hashing with MD5 once is never secure, as there is a possibility of dictionary attacks.
  2. I used 95 iterations for my example. You may use any arbitrary number.
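
The function above has no per-user salt, so two users with the same password store the same value. The following is an added example, not the original author's code, that swaps in a different technique: salted PBKDF2-HMAC-SHA256 built on DBMS_CRYPTO. The name pbkdf2_sha256, the sample password and the iteration count are assumptions, and it assumes Oracle Database 12c or later with EXECUTE granted on DBMS_CRYPTO.

```sql
-- Added example: salted PBKDF2-HMAC-SHA256 (RFC 8018), one 32-byte output block.
CREATE OR REPLACE FUNCTION pbkdf2_sha256 (   -- hypothetical name
    p_password   IN VARCHAR2,
    p_salt       IN RAW,
    p_iterations IN PLS_INTEGER
) RETURN RAW
IS
    l_key RAW(32767);
    l_u   RAW(32);   -- U_i, the current HMAC output
    l_t   RAW(32);   -- running XOR of U_1 .. U_i
BEGIN
    IF p_password IS NULL OR p_salt IS NULL
       OR p_iterations IS NULL OR p_iterations < 1 THEN
        RAISE_APPLICATION_ERROR(-20001, 'password, salt and iterations are required');
    END IF;
    l_key := UTL_I18N.STRING_TO_RAW(p_password, 'AL32UTF8');
    -- U_1 = HMAC(password, salt || INT_32_BE(1))
    l_u := DBMS_CRYPTO.MAC(UTL_RAW.CONCAT(p_salt, HEXTORAW('00000001')),
                           DBMS_CRYPTO.HMAC_SH256, l_key);
    l_t := l_u;
    FOR i IN 2 .. p_iterations LOOP
        -- U_i = HMAC(password, U_{i-1})
        l_u := DBMS_CRYPTO.MAC(l_u, DBMS_CRYPTO.HMAC_SH256, l_key);
        l_t := UTL_RAW.BIT_XOR(l_t, l_u);
    END LOOP;
    RETURN l_t;
END;
/

-- Constructed demonstration (SQL*Plus / SQLcl): same password, two salts.
SET SERVEROUTPUT ON
DECLARE
    c_iter   CONSTANT PLS_INTEGER := 100000;          -- constructed value, tune per server
    l_salt_a RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- store salt and count with each user
    l_salt_b RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
    l_hash_a RAW(32) := pbkdf2_sha256('correct horse', l_salt_a, c_iter);
    l_hash_b RAW(32) := pbkdf2_sha256('correct horse', l_salt_b, c_iter);
BEGIN
    DBMS_OUTPUT.PUT_LINE('user A: ' || RAWTOHEX(l_salt_a) || ':' || RAWTOHEX(l_hash_a));
    DBMS_OUTPUT.PUT_LINE('user B: ' || RAWTOHEX(l_salt_b) || ':' || RAWTOHEX(l_hash_b));
    -- Login check: recompute with the stored salt, compare with the stored hash.
    IF pbkdf2_sha256('correct horse', l_salt_a, c_iter) = l_hash_a THEN
        DBMS_OUTPUT.PUT_LINE('user A verified');
    END IF;
END;
/
```

The two printed lines differ even though the password is identical, because each user's salt is different.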
