Hello stack community,
- I did key generator some thime ago using dbms_crypto.randomnumber.
- Im picking chars in a loop via random number from my set.
The thing is, random functions in dbms_crypto are based on the RSA X9.31 PRNG (Pseudo-Random Number Generator). And NIST says:
The Random Number Generators specified in FIPS 186-2 with Change Notice 1 >dated October 5, 2001 (Appendix 3.1 and 3.2), ANSI X9.31 (Appendix A.2.4) and >ANSI X9.62 (Appendix A.4)are no longer compliant as of January 1, 2016.
And i wonder:
-
Is it sercure to continue to generate randomnumber or convert it from randombytes in oracle?
-
Is there a valid secure way to do this? Or should i just change the platform i generate these codes?
i need some enlightenment about this. My key generator in the below
i number;
charSet varchar2(64) := '0123456789ABCDEFGHIJKLMNOPQRSTUXWVYZabcdefghijklmnopqrstuvwxyz++';
output varchar2(16);
selectedChar char;--begin below
output := data;
if (output is null or length(output) <> 16) then
selectedChar := substr(charSet, MOD(dbms_crypto.randomnumber, 64), 1);
if selectedChar <> '+' then
output := output || selectedChar;
else
return generateSecureCode(output);
end if;
return generateSecureCode(output);
else
--dbms_output.put_line(output);
select count(*)
into i
FROM [a table] b
WHERE b.secure_code = output;
if i > 0 then
return generateSecureCode(null);
end if;
return output;
end if;
Aucun commentaire:
Enregistrer un commentaire