How to use PBKDF2 in Oracle 12c?

Problem description

We want to save user passwords in Oracle 12c. I found the dbms_crypto-Package but there was no information about PBKDF2.

What's the current state in 2017 to use PBKDF2 in Oracle 12c?

Recommended answer

This is a late answer, but to the best of my knowledge Oracle's DBMS_CRYPTO package does not support PBKDF2 natively. That said, you can implement the algorithm yourself; here is one way to do it:

CREATE OR REPLACE FUNCTION pbkdf2
  ( p_password IN VARCHAR2
  , p_salt IN VARCHAR2
  , p_count IN INTEGER
  , p_key_length IN INTEGER )
RETURN VARCHAR2
IS
    l_block_count INTEGER;
    l_last RAW(32767);
    l_xorsum RAW(32767);
    l_result RAW(32767);
BEGIN
    l_block_count := CEIL(p_key_length / 20);  -- use 20 bytes for SHA1, 32 for SHA256, 64 for SHA512

    FOR i IN 1..l_block_count LOOP
        l_last := UTL_RAW.CONCAT(UTL_RAW.CAST_TO_RAW(p_salt), UTL_RAW.CAST_FROM_BINARY_INTEGER(i, UTL_RAW.BIG_ENDIAN));
        l_xorsum := NULL;

        FOR j IN 1..p_count LOOP
            l_last := DBMS_CRYPTO.MAC(l_last, DBMS_CRYPTO.HMAC_SH1, UTL_RAW.CAST_TO_RAW(p_password));
            -- use HMAC_SH256 for SHA256, HMAC_SH512 for SHA512

            IF l_xorsum IS NULL THEN
                l_xorsum := l_last;
            ELSE
                l_xorsum := UTL_RAW.BIT_XOR(l_xorsum, l_last);
            END IF;
        END LOOP;

        l_result := UTL_RAW.CONCAT(l_result, l_xorsum);
    END LOOP;

    RETURN RAWTOHEX(UTL_RAW.SUBSTR(l_result, 1, p_key_length));
END pbkdf2;
/

This code was originally found here: PBKDF2 in Oracle; I've confirmed that it works on my own system in SHA-1, SHA-256, and SHA-512. Note that p_count is the number of iterations and p_key_length is the length of the key. See this question for more information on the recommended number of iterations and recommended key length for PBKDF2.

Hope this helps.
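
An added example, not part of the original answer or the code it links to: a Python mirror of the PL/SQL loop above, checked against the RFC 6070 PBKDF2-HMAC-SHA1 test vectors and against `hashlib.pbkdf2_hmac`, so the same arguments can be passed to `SELECT pbkdf2(...) FROM dual` and the hex strings compared. The function names are hypothetical, and the code assumes the database character set encodes the password and salt to the same bytes as UTF-8.

```python
import hashlib
import hmac
from math import ceil

def pbkdf2_like_plsql(password, salt, count, key_length, hash_name="sha1"):
    """Same loop as the PL/SQL function; returns uppercase hex like RAWTOHEX."""
    if count < 1 or key_length < 1:
        raise ValueError("count and key_length must be positive")
    # Assumption: the database character set yields the same bytes as UTF-8.
    pw, s = password.encode("utf-8"), salt.encode("utf-8")
    hlen = hashlib.new(hash_name).digest_size      # 20 / 32 / 64 bytes
    result = b""
    for i in range(1, ceil(key_length / hlen) + 1):
        last = s + i.to_bytes(4, "big")            # salt || 4-byte big-endian i
        xorsum = None
        for _ in range(count):
            last = hmac.new(pw, last, hash_name).digest()
            xorsum = last if xorsum is None else bytes(
                a ^ b for a, b in zip(xorsum, last))
        result += xorsum
    return result[:key_length].hex().upper()

# RFC 6070 PBKDF2-HMAC-SHA1 vectors: (P, S, c, dkLen, expected hex)
RFC6070_VECTORS = [
    ("password", "salt", 1, 20, "0C60C80F961F0E71F3A9B524AF6012062FE037A6"),
    ("password", "salt", 2, 20, "EA6C014DC72D6F8CCD1ED92ACE1D41F0D8DE8957"),
    ("password", "salt", 4096, 20, "4B007901B765489ABEAD49D926F721D065A429C1"),
    # dkLen 25 > 20 forces a second block, exercising the outer loop
    ("passwordPASSWORDpassword", "saltSALTsaltSALTsaltSALTsaltSALTsalt",
     4096, 25, "3D2EEC4FE41C849B80C8D83662C0E44A8B291A964CF2F07038"),
]

def failed_vectors(fn=pbkdf2_like_plsql):
    """Return the vectors fn gets wrong; an empty list means all pass."""
    return [v for v in RFC6070_VECTORS if fn(*v[:4]) != v[4]]

def matches_hashlib(password, salt, count, key_length, hash_name):
    """Cross-check the SHA-256/SHA-512 variants against the standard library."""
    ref = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                              salt.encode("utf-8"), count, key_length)
    return pbkdf2_like_plsql(password, salt, count, key_length,
                             hash_name) == ref.hex().upper()

if __name__ == "__main__":
    print("RFC 6070 failures:", failed_vectors())
    print("SHA-256 agrees with hashlib:",
          matches_hashlib("password", "salt", 1000, 64, "sha256"))
```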
