Database Reference
In-Depth Information
my $iv = pack('H*', "0000000000000000");
my $c = new Crypt::CBC(
-literal_key => 1,
-cipher => "DES",
-key => $key,
-iv => $iv,
-header => "none");
my $key2 = substr($c->encrypt($user_pass), length($user_pass)-8, 8);
my $c2 = new Crypt::CBC(
-literal_key => 1,
-cipher => "DES",
-key => $key2,
-iv => $iv,
-header => "none");
my $hash = substr($c2->encrypt($user_pass), length($user_pass)-8, 8);
return uc(unpack('H*', $hash));
}
Oracle Network Encryption
The following demonstration is very important. Oracle has made network encryption free of charge to use with all
versions of their database, from client to server. The barrier to implementing this encryption is mainly the complexity
of setting it up. The point to understand here is that it is actually very simple to encrypt Oracle network traffic without
causing performance issues. This has been tested by me, and I recommend that you implement the following
approach, or something similar, on your Oracle servers, as it is free and results in a large risk reduction.
First, there will be an Oracle SQL*PLUS
Client A
, talking to Oracle
Server B
(both 12.1c), with a network packet
dump in the middle. This is shown below, and you can see the session is in plaintext.
root@orlin $ tcpdump -i eth0 -nnXSs0 dst port 1521
00:59:45.667329 IP 192.168.1.2.49502 > 192.168.1.3.1521: Flags [P.], seq 2016180222:2016180555, ack
1072654637, win 16361, length 333
0x0000: 4500 0175 16f2 4000 8006 5f3b c0a8 0102 E..u..@…_;....
0x0010: c0a8 0103 c15e 05f1 782c 77fe 3fef 692d .....^..x,w.?.i-
0x0020: 5018 3fe9 f6d5 0000 0000 014d 0600 0000 P.?........M....
0x0030: 0000 1169 12fe ffff ffff ffff ff01 0000 …i............
0x0040: 0000 0000 0001 0000 0003 5e13 6180 0000 ..........^.a…
0x0050: 0000 0000 feff ffff ffff ffff 1c00 0000 ................
0x0060: 0000 0000 feff ffff ffff ffff 0d00 0000 ................
0x0070: 0000 0000 feff ffff ffff ffff feff ffff ................
0x0080: ffff ffff 0000 0000 0100 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00a0: 0000 0000 0000 0000 0000 0000 feff ffff ................
0x00b0: ffff ffff 0000 0000 0000 0000 feff ffff ................
0x00c0: ffff ffff feff ffff ffff ffff f03d d401 .............=..
0x00d0: 0000 0000 0000 0000 0000 0000 feff ffff ................
0x00e0: ffff ffff feff ffff ffff ffff 0000 0000 ................
0x00f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0120: 0000 0000 1c73 656c 6563 7420 2770 6c61 .....select.'pla
