[Previous entry: "SQLGotcha is on freshmeat"] [Next entry: "A good description of some of the Oracle default accounts"]
A good paper on Oracle's random number generator
May 18th, 2005 by Pete
Post to del.icio.us
Post to Furl
I found an interesting paper last week on DBA Support about Oracle's random number generator. This is a package that can find uses in security or in cryptography. The paper is written by Steve Callan and is titled "Unwrapping Oracle's DBMS Packages: Understanding Oracle's Random Number Generator". The paper starts by confirming that the random number generator package DBMS_RANDOM should not be used to generate cryptographic keys as it is unsuitable. The paper then goes on to discuss why in detail. Steve gives some great examples and analysis. Page two of the paper talks about the installation scripts and then goes on to talk about the DBMS_RANDOM.STRING function with the 'P' option to generate cryptograms and even passwords. Steve closes by saying that he hopes to have surfaced some new features of the DBMS_RANDOM package and also given some insight into the numbers produced by this package.
This is a great paper and well worth reading.
