How Oracle Stores Passwords article updated through 12.2

Added section on 11g and 12c SQLNET.ORA parameters.

WordPress article here.

A pdf of this article can be downloaded from my dropbox here.


3 Responses to How Oracle Stores Passwords article updated through 12.2

  1. Pingback: PBKDF2 in Oracle 12c | seanstuber

  2. mabaluda says:

    Thanks for your very useful post!
    The code in wordpress is unfortunately broken, the function create_12c_password_hash does not compile.

    Looking at the PDF I see that the external loop in create_12c_password_hash is useless because v_octet_blocks is constant and is always 1.
    Also, the case statement in the inner loop can be avoided by initializing v_f_xor_sum to utl_raw.cast_from_binary_integer(0);


    • Thank you for reading and the feedback. WordPress “formatted” my code, causing errors in the html rendering. I’ve fixed the errors and reposted. Thank you again.

      You are correct that the loop isn’t necessary. However I chose to leave it in place so the code would still follow the PBKDF2 algorithm as documented in the RFC. I simplified it by declaring constants for values that should be parameters in a general-purpose implementation; but the code flow should be essentially the same as that described in the RFC.

      I have updated the code with the loop counter defined as a constant though, since it’s not variable within this implementation and removed the case by seeding the 1st set of values directly.

      Thanks again!


Questions and Comments always welcome

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: