RANDOM considered dangerous?

2018-06-25 15:16:28

Our database team wants to revoke execute on DBMS_RANDOM from PUBLIC to address security issues. If you google for it, some security experts consider the package dangerous, but fail to say why. Ingram and Shaul's book "Practical Oracle Security" states

...granting PUBLIC access to DBMS_RANDOM in environments where the function is used in cryptographic key generation could lead to compromise of the encrypted data...

The Oracle documentation says

DBMS_RANDOM is not intended for cryptography.

... and ...

DBMS_CRYPTO.RANDOMBYTES ... returns a RAW value containing a cryptographically secure pseudo-random sequence of bytes, which can be used to generate random material for encryption keys.

So, DMBS_RANDOM seems to be fine for generating pseudorandom numbers (as long as you don't fabricate passwords with it). Why on earth is this too dangerous for PUBLIC?

The reason why DBMS_RANDOM should not be granted to PUBLIC, when using it for crypto key generation, is that an attacker could use it to determine seed values and/or patterns in the key generation, that could be used to determine the key the data is encrypted with. This is why it could lead to compromise of the encrypted data. It certainly is not an easy attack, but it is possible for someone with enough processing power.

DBMS_RANDOM should not be used for crypto because it is too predictable. For crypto key generation, only a secure random function should be used. These functions attempt to get as random as possible by measuring things like white noise and producing values off of it.

链接地址: http://www.djcxy.com/p/71752.html

上一篇: 基于分类和分支的Mysql排名

下一篇: RANDOM认为危险？