Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

DBMS_RANDOM considered dangerous?

Our database team wants to revoke execute on DBMS_RANDOM from PUBLIC to address security issues. If you google for it, some security experts consider the package dangerous, but fail to say why. Ingram and Shaul's book "Practical Oracle Security" states

...granting PUBLIC access to DBMS_RANDOM in environments where the function is used in cryptographic key generation could lead to compromise of the encrypted data...

The Oracle documentation says

DBMS_RANDOM is not intended for cryptography.

... and ...

DBMS_CRYPTO.RANDOMBYTES ... returns a RAW value containing a cryptographically secure pseudo-random sequence of bytes, which can be used to generate random material for encryption keys.

So, DMBS_RANDOM seems to be fine for generating pseudorandom numbers (as long as you don't fabricate passwords with it). Why on earth is this too dangerous for PUBLIC?

Edit: Just found a new source, which claims that

DBMS_RANDOM: allows encrypting of data without requiring safe management of encryption keys.

This is nonsense, too, isn't it?

like image 495
wolφi Avatar asked Jun 06 '13 19:06

wolφi


1 Answers

The reason why DBMS_RANDOM should not be granted to PUBLIC, when using it for crypto key generation, is that an attacker could use it to determine seed values and/or patterns in the key generation, that could be used to determine the key the data is encrypted with. This is why it could lead to compromise of the encrypted data. It certainly is not an easy attack, but it is possible for someone with enough processing power.

DBMS_RANDOM should not be used for crypto because it is too predictable. For crypto key generation, only a secure random function should be used. These functions attempt to get as random as possible by measuring things like white noise and producing values off of it.

like image 95
Freedom_Ben Avatar answered Nov 13 '22 08:11

Freedom_Ben