Unencrypted password length vs. Encrypted password length

Similar Messages

• How to compare the texted password with the encrypted password of dba_users

  Hi,
  I have Oracle 10g in my system. I know dba_users table has information of all the created users of the oracle, along with their encrypted passwords.If I want to make a login page based on this table ,how could I compare the password in that case?
  In above situation, I am getting the username with the regular texted password for authentication check. How can we checked this texted password with the encrypted password of dba_users, for the respective username?
  Your input would be appreciated.

  Try use the username/password from login page to create an connection to database.

• The length of the password entry field in the BEx Analyser

  Hi,
  The password is 8 characters in the BW system.
  When users changing their newly assigned passwords. When logging into the BEx Analyser, and prompted to change the password, a password entry box is displayed, with an entry field longer then 8 characters. Some users are therefore entering passwords longer then 8 characters. This is fine when they first login, but when they try come back to the system, their logon fails.
  Can something be done to restrict the length of the password entry field in the BEx Analyser?
  Many Thanks
  Jonathan

  Hi Jonathan
  we are having the same problem - did you find a way to resolve this?  I did not find any SAP notes referring to the issue.
  Regards
  Hayley

• Default Encrypted  Password

  Dear All,
  i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
  How can i insert Encripted password into table.
  Thanks

  Hi Vedant,
  See the CUSTOM_HASH function that is installed with sample application in the APEX.
  Here is the code for it:
  create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
  return varchar2
  is
    l_password varchar2(4000);
    l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
  begin
  -- This function should be wrapped, as the hash algorithm is exposed here.
  -- You can change the value of l_salt or the method of which to call the
  -- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
  -- if you choose to do this.
  l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
    (input_string => p_password || substr(l_salt,10,13) || p_username ||
      substr(l_salt, 4,10)));
  return l_password;
  end;
  i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
  INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
  Hope it helps!
  Regards,
  Kiran

• Decrypt the encrypted password

  Hi there,
  I have been scratching my head for some time to fix one issue. We are planning to change the plateform/technology and we need to bring over existing login to new system. In order to have the same password I need to decrypt the password before I send it to new system. When we stored the password, it encrypts them and stores it in database. I am using following code to decrypt it. it's not worlking . This is error I am getting.
  Given final block not properly padded
  Here is some more information:
  Key is :javax.crypto.spec.SecretKeySpec@18f3a
  Format is :RAW
  getAlgorithm() is :DES
  String encrypted = abcdefgh
  Provider is: com.sun.crypto.provider.SunJCE()
  This is my code to decrypt which throws error " Given final block not properly padded" :
  public String decrypt(String encrypted){
            Cipher ci = null;
            byte [] result = null;
            try {
                 ci = Cipher.getInstance("DES");
                 ci.init(Cipher.DECRYPT_MODE, key);
                 System.out.println("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
                 byte [] encryptedData = hexToByteArray(encrypted, false);
                 //Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
                 result = ci.doFinal(encryptedData);
            catch (Exception e) {
                 System.out.println("CryptoUtil()" +"ERROR: "+ e.getMessage());
                 return encrypted;
            String strResult = new String(result);
            return strResult;
  Please help.
  Thank you.

  These are the two values I am getting for encrypted password:
  97654de7857cd9aab331995cba044fc6
  a125a6b2a71e23adc002ac7fbe1a1042
  Is this a hex code?
  I think the key is: abcdefgh
  This is my code to encrypt and decrypt:
        * empty constructor
        * @param keydata
       public CryptoUtil(String keydata){
            if (keydata.trim().equals("")){
                 logDebug("CryptoUtil()" +" Constructor didn't get a valid key!");
                 usage();
                 System.exit(0);
            }else{
                 keyBytes = keydata.getBytes();
                 key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "DES");
            try {
                 Provider sp = new com.sun.crypto.provider.SunJCE();
                 //logDebug("CryptoUtil() " + sp.getInfo());
                  Security.addProvider(sp);
                }catch (Exception ex) {
                       logDebug("CryptoUtil() " +"Problem loading crypto provider \n error:"+ex.getMessage());
                 usage();
                  System.exit(0);
        * Encrypt
        * @param s
       public String encrypt(String s){
            Cipher ci = null;
                byte [] result = null;
                try {
                 ci = Cipher.getInstance("DES");
                 ci.init(Cipher.ENCRYPT_MODE, key);
                 result = ci.doFinal(s.getBytes());
                }catch (Exception e) {
                      logDebug("CryptoUtil()" +"ERROR: "+ e.getMessage());
            String strResult = byteArrayToHex(result);
                return strResult;
        * decrypt a card number
        * @param encrypted
       public String decrypt(String encrypted){
            Cipher ci = null;
                byte [] result = null;
                try {
                 ci = Cipher.getInstance("DES");
                 ci.init(Cipher.DECRYPT_MODE, key);
                 //Log.out("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
                 byte [] encryptedData = hexToByteArray(encrypted, false);
                 //Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
                 result = ci.doFinal(encryptedData);
                catch (Exception e) {
                 logError("CryptoUtil()" +"ERROR: "+ e.getMessage());
                 return encrypted;
            String strResult = new String(result);
            return strResult;
       static final String hexDigitChars = "0123456789abcdef";
        * @param a
       public static final String byteArrayToHex(byte [] a) {
            int hn, ln, cx;
            StringBuffer buf = new StringBuffer(a.length * 2);
            for(cx = 0; cx < a.length; cx++) {
                  hn = ((int)(a[cx]) & 0x00ff) / 16;
                  ln = ((int)(a[cx]) & 0x000f);
                  buf.append(hexDigitChars.charAt(hn));
                  buf.append(hexDigitChars.charAt(ln));
                  buf.append(' ');
           return buf.toString();
        * @param str
        * @param rev
       public static final byte [] hexToByteArray(String str, boolean rev) {
            StringBuffer acc = new StringBuffer(str.length() + 1);
            int cx, rp, ff, val;
            char [] s = new char[str.length()];
            str.toLowerCase().getChars(0, str.length(), s, 0);
            for(cx = str.length() - 1, ff = 0; cx >= 0; cx--) {
            if (hexDigitChars.indexOf(s[cx]) >= 0) {
                 acc.append(s[cx]);
                 ff++;
             }else {
                 if ((ff % 2) > 0) acc.append('0');
                      ff = 0;
            if ((ff % 2) > 0) acc.append('0');
            byte [] ret = new byte[acc.length() / 2];
            for(cx = 0, rp = ret.length - 1; cx < acc.length(); cx++, rp--) {
                  val = hexDigitChars.indexOf(acc.charAt(cx));
                  cx++;
                  val += 16 * hexDigitChars.indexOf(acc.charAt(cx));
                  ret[rp] = (byte)val;
            if (rev) {
                  byte tmp;
                  int fx, bx;
                  for(fx = 0, bx = ret.length - 1; fx < (ret.length / 2); fx++, bx--) {
                      tmp = ret[bx];
                      ret[bx] = ret[fx];
                      ret[fx] = tmp;
            return ret;
  Will that give you any more information to help me?

• Storing Encrypted passwords in SQL database

  Hey folks!
  I'm trying to encrypt a password to be put into a SQL database and then be decrypted when I pull it out to log a user in. Currently I can encrypt and store the password fine, but it's the grabbing and decrypting that is giving me troubles.
  Sometimes I do get the correct string back from the decrypted database string, but not very often. The main error I get is BadPaddingException, which I've read in the forum is something to do with key/string descrepancies. I sometimes get a IllegalBlockSizeException as well.
  When I look at the ASCII bytes stored in the database they are different from what is shown when I print them out on the screen using IE5.5.
  I'm wondering if anyone out there has run into similar problems and overcame, or could help me along in the right direction. Thnx!
  PJ

  What you need to do is a combination of what has been said here. Let's say you are working with a MS SQL Server, encrypting with 3DES. You have your key located somewhere on the system and use that (or something else that is specific to that record).
  1.) In your app, encrypt the text
  2.) Base64 Encode it so you can shove it in the database (I have also put this as RAW bytes in an Oracle DB)
  3.) make sure, when you are testing, that you check the length of the Base64 Encrypted Text you put in the database. SQL Server might add on extra characters to fill the field. i.e. if you are storing it in a varchar(250) field and you only fill 50 chars with your encrypted password, SQL Server might pad it with the extra 200. This will mess with your padding and throw an exception during the decryption process. I think I got around this with a simple TRIM statement when retrieving.
  4.) Retrieve the text with a SQL statement
  5.) Base64 Decode the text to get a byte array
  6.) Use the decryption algorithm with your original key on the byte array.
  I think that's it. Very quick. Low overhead on the server. Optimally, you would want to clear this from memory...blah blah blah....I could go on ;-p
  I have a small API I've written for this using 3DES that has been working great ever since JCE 1.0. All I have to do is keygen a new key whenever I want to use it again.
  Hope this helps,
  RG

• AES Encryption - Encrypted value lengths

  HI all -
  I am attempting to use CF 8's AES encryption feature, and
  have not found a critical piece of info in the docs to enable me to
  progress.
  I am using the function to encrypt a password that can be
  from 6 to 16 characters long, which will be stored in a database. I
  am using generateSecretKey("AES"), and that gives me a 24 character
  key that I'm storing for future decryption use. I find that when I
  use the key to encrypt a 6 character password the resulting
  encrypted string is 32 characters long, but when I encrypt a 16
  character password I get a 64 character encrypted string. This is
  the case whether I specify "HEX" or "UU" as the encoding.
  Without knowing how the length of the resulting encoded
  string is determined, I cannot know how large to make my database
  column. (MySQL's AES encryption gives the formula 16 ×
  (trunc(string_length / 16) + 1) to arrive at the resulting string's
  length, but that formula doesn't yield the results I'm seeing in
  CFMX). Can anyone point me to a doc, or explain to me how to
  determine the column length for storing the resulting encrypted
  value?

  No. Only things like key, encoding and string size should
  matter. If the encoding is "hex", 1-15 characters should produce
  size 32, 16-31 characters should produce 64, etcetera. Unless space
  is at a premium, you could always increase the field size if that
  makes you feel more comfortable.
  Well, the results are dictated by the AES standard and basic
  string encoding rules, not CF. I highly doubt either one is going
  to change any time soon ;-) I agree documentation is good. However,
  unlike aes_encrypt, the encrypt function supports many different
  algorithms. Most of which have a distinct set of rules. So it would
  probably be difficult to provide accurate information about all of
  them. Especially as the specifications for each one alone probably
  spans volumes ;-)

• Please help: Encrypt Password

  Very small query which has confused me a lot.....
  I have to encrypt passwords and save them in to database, I am not getting where to start as I do not know anything about java encryption packages or other things.
  Please let me know where can I find the names of all the algorithms and it will be very nice if u can tell me that which one should I use.
  thanx

  Hi,
  MD5 and SHA-x Algorithms do not encrypt, these are so called hash algorithms which means they create a (hopefully) unique, fixed length byte array from what you give as input. Usually that is a way to store Passwords because you never need to decrypt a password (in the case of hash algorithms you are not able to do so anyway). If a user signs in, you hash his password and compare that created hash with the stored hash value. If they are equal, you can be sure enough (1:2^100 or something as chance that two different passwords create the same hash code) that the user knew his password. I know a lot of eBusiness plattforms that store passwords as MD5 or SHA-1 hash values. I think they can be seen as secure enough for such purposes.
  Another story if you need the password in cleartext (maybe to start a batch process) but you don't want to store it as clear text. Then you have to encrypt the password and decrypt it when needed. But then you run into the problem where to store the encryption key so that nobody can decrypt your password with that.
  The public key encryption is only usefull if you need to create a so called secret between two parties via an unsecure communication media. Like the HTTPS protocol does. The browser and the web server are exchanging public information (public keys) and then they are able to communicate secure without the need to share sensitive information in advance. But that is definitely not needed for your scenario.
  The HMAC is another completely different story. It just says that you "can" use the MAC address of your Network adapter for the hash algorithm, but you don't need to do so. Since it is hard to read the MAC address from java I would not suggest to go in that direction.
  I that now light enough? ;-)
  Stephan

• How to encrypt password in Forms10g while calling in batch mode

  We are migrating our Forms 6i batch jobs to Forms10g. There are two ways we can pass login
  information.
  1. In formsweb.cfg
  2. Pass in URL string 'userid=username/password@connectstring'
  In both cases the password is not secured. In option # 1 password is in the configuration file in plain text. In
  second option # 2, its in the URL.
  BTW, we are using HTTPS protocol while calling form in batch mode and we are not using SSO.
  Is there a way, we can use data source in frmservlet while calling form in batch mode. Like in Java, we can create data source with indirect password, the password is encrypted.
  Basically, we would like to encrypt our password, we have very strict security guidelines.
  Please let us know if there are any options, how to encrypt password in Forms 10g
  Regards,
  Gufran

  One option maybe the following :
  - Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
  - As a parameter, pass the name of your file to the form
  - when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
  How to create an encrpyted file :
  - use the obfuscation toolkit to encrypt username/password@instance into a varchar2
  - write this value to a file using oracle forms (TEXT_IO)
  FUNCTION f_encrypt_string(p_key IN VARCHAR2)
  RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
  l_data VARCHAR2(2000);
  BEGIN
  -- if neccessary create a text where the length of the string
  -- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
  l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
  DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
  key_string => 'MagicKey',
  encrypted_string=> v_encrypt_string);
  RETURN (v_encrypt_string);
  END;
  Edited by: user434854 on Apr 8, 2009 5:17 AM

• Android encryption password minimum requirements

  Our office wil be buying a number of android smartphones soon and we will be encrypting them.
  I want to reach out to our users ahead of time and have them come up with a password that they won't mind typing frequently.  I haven't been able to find out what the requirements are for an Android encryption password (not PIN)
  I'm seeing varying requirements.  one device seems to require 8 character passwords, I've seen another require 6.  I checked my own phone and it seems to only require a 4 character password.
  am I correct in assuming that the minimum password length is set by whoever creates the ROM?
  if so, what does Verizon set theirs to and where can I find that information documented?
  Thanks!

  No, I am talking about the built in encryption in android.  While, yes, if you decide to encrypt, Android links the lock screen password to the encryption if it meets the requirements.  there is no third party app required for device encryption.
  This article refers to a 6 character minimum:
  http://www.tomsguide.com/us/how-to-encrypt-android-device,news-17774.html
  but like I said, I just tried to encrypt my personal phone and it seemed to be happy with a 4 character password.
  so are the minimum requirements set by Android, or by Verizon, and where can I find them?

• How can i find my encryption password?

  i totally forgot my encryption password and i need help...

  Hello APaq17. Welcome to the Apple Discussions!
  According to my deskside support i need to figure out my SSID.
  The SSID is the same as the wireless Network Name. By default, your AirPort Express Base Station (AX) will broadcast a wireless network with a Network Name of "Apple Network NNNNNN" unless you changed it.
  How do i find my encryption type?
  By default, the AX's wireless network would be unencrypted. You enable wireless encryption by using the AirPort Utility. Depending on the model of your AX, it should be capable of providing the following security types: WEP, WPA, & WPA2.
  (ref: AirPort Utility > Select the AX > Manual Setup > AirPort > Wireless > Wireless Security)
  Where can i find my password or network key?
  Again this would be something you would have created when enabling wireless encryption.

• APEXExport Utility - Encrypt Password?

  Hi,
  I was wondering if there's a way to encrypt the password for the APEXExport utility? The utility works very nicely, but due to security purposes, I can't have the unencrypted password sitting there. I wanted to schedule it to run daily as a job, but the password would be an issue on the server.
  Thanks,
  Nora

  If you've licensed the Advanced Security Option for the database, you can use the Oracle Wallet Manager to store encrypted passwords for use with batch utilities and shell scripts.
  Tyler

• RBACx Encrypted Password Change Utility

  Hi all,
  In the OIA/SRM installation guide, there is a reference to a tool, to find out the password of rbacxservice.
  "Oracle Identity Analytics utilizes an encrypted password when communicating with the database.
  To change the default database password, use the RBACx Encrypted Password Change Utility"
  Could you please help me finding out this tool.
  Many thanks in advance.
  Warm regards,
  Manipradeep Sunku.

  The mentioned tool only encrypts the password so that you don't have to store a plain text password in the config file. It does not decrypt it. The default rbacxservice password is rbacxservice.
  The tool does not come with the OIA/SRM distribution so if you need it, you will need to contact support.

• Reset encryption password for NEW iPhone backups

  Hello Everyone,
  I have an iPhone and iPad which are currently working perfectly.  However during testing I figured out that I somehow lost my iTunes backup encryption password.  As such I figured I would just change the backup password, delete the old backups, and create NEW backups for which I do know the password to and all would be good (and ready for a future device failure.) 
  However it appears that iTunes will not allow you to change or disable the encryption password for NEW backups without first knowing the old encryption password.  Does anyone know if a way around this?
  Thank you for your time.

  Thanks!

• Encrypted Password in AIAConfigurationProperties.xml

  Hi,
  During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
  <Property name="User.P6EPPM_01.Name">primavera</Property>
  <Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
  Your pointers will be highly appreciated!
  Regards,
  Chaitanya

  Try this:
  There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
  - Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
  - Run command: ./encrypt.sh welcome1
  This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try.