[Previous entry: "Security firm considers changing its policy on public disclosure of security vulnerabilities"] [Next entry: "Wifred notes that Patch 9.0.4.2.0 has a bug in Oracle forms"]
Pre DBMS_RANDOM
September 5th, 2005 by Pete
Post to del.icio.us
Post to Furl
I saw a post on Eddie Awad's blog last week and made a not to have a look. The post is titled "Pre DBMS_RANDOM". This is an interesting post that shows how random numbers were generated pre DBMS_RANDOM. Eddie shows some code from an Oracle Applications package that uses a seed and a date as the randomizing factor. There are known issues with DBMS_RANDOM in that if the seed is not long enough the number generated is not random enough. It is better to use the DESGETKEY function in DBMS_OBFUSCATION_TOOLKIT as this uses the FIPS-140 random number generator.
Nice blog entry though, useful to see how it was done. Its not too difficult to see how any encryption that uses a key generated by Eddies package might be broken with knowledge of the time frame it was encrypted and the seed value.
