Specifying an Initialization Vector
The encryption described in the previous section works very well for most situations. However, some intruders are still one step ahead of us. One of the code-cracking techniques (also known as cryptanalysis) they employ is to check the header information of the encrypted data to identify a pattern. To prevent this, you can add a non-data-related random value to the beginning of your actual data. This is a bit like creating some very simple encrypted data of your own. For example, if your actual data is 12345678, you could affix a random value, say 6675, before it to make it 667512345678, which can then be encrypted. The header information then contains some value related to 6675, not the actual data. When decrypting, you need to make sure to remove these random characters.
The random characters prefixed to the data are known as the initialization vector (IV). In the DBMS_OBFUSCATION_TOOLKIT, you specify this initialization vector in the DES3ENCRYPT function as an additional parameter called iv_string. Because the IV is prefixed to the actual data, the length of the combined string, not just the data, must be a multiple of eight. Let’s modify our encryption function to accept this parameter and make the length a multiple of eight.
/* File on web get_enc_val_3.sql */
CREATE OR REPLACE FUNCTION get_enc_val (
   p_in_val   IN   VARCHAR2,
   p_key      IN   VARCHAR2,
   p_iv       IN   VARCHAR2 := NULL
)
   RETURN VARCHAR2
IS
   l_enc_val   VARCHAR2 (200);
   l_in_val    VARCHAR2 (200);
   l_iv ...
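The following anonymous block is an added example, not code from the original text: it encrypts the same value under two different IVs through the iv_string parameter, fails if the two ciphertexts match, and then decrypts with the matching and the mismatched IV. The key, data and IV values are constructed, and pad8 and to_hex are hypothetical helpers introduced here.

```sql
SET SERVEROUTPUT ON

DECLARE
   -- All values below are constructed for this example.
   c_key    CONSTANT VARCHAR2 (16) := 'ConstructedKey16';  -- 16 bytes
   c_data   CONSTANT VARCHAR2 (30) := '12345678';
   c_iv_a   CONSTANT VARCHAR2 (8)  := '66750000';
   c_iv_b   CONSTANT VARCHAR2 (8)  := '90210000';
   l_enc_a  VARCHAR2 (200);
   l_enc_b  VARCHAR2 (200);
   l_dec    VARCHAR2 (200);

   -- Hypothetical helper: right-pad to the next multiple of eight characters.
   FUNCTION pad8 (p_val IN VARCHAR2) RETURN VARCHAR2 IS
   BEGIN
      RETURN RPAD (p_val, 8 * CEIL (LENGTH (p_val) / 8));
   END;

   -- Hypothetical helper: hex form so binary ciphertext can be printed.
   FUNCTION to_hex (p_val IN VARCHAR2) RETURN VARCHAR2 IS
   BEGIN
      RETURN RAWTOHEX (UTL_RAW.cast_to_raw (p_val));
   END;
BEGIN
   -- Same data, same key, two different IVs.
   l_enc_a := DBMS_OBFUSCATION_TOOLKIT.des3encrypt (
                 input_string => pad8 (c_data),
                 key_string   => c_key,
                 iv_string    => pad8 (c_iv_a));
   l_enc_b := DBMS_OBFUSCATION_TOOLKIT.des3encrypt (
                 input_string => pad8 (c_data),
                 key_string   => c_key,
                 iv_string    => pad8 (c_iv_b));
   DBMS_OUTPUT.put_line ('Ciphertext, IV A: ' || to_hex (l_enc_a));
   DBMS_OUTPUT.put_line ('Ciphertext, IV B: ' || to_hex (l_enc_b));

   IF l_enc_a = l_enc_b THEN
      raise_application_error (-20001, 'IV did not change the ciphertext');
   END IF;

   -- Decrypt the first ciphertext with the IV it was encrypted under.
   l_dec := DBMS_OBFUSCATION_TOOLKIT.des3decrypt (
               input_string => l_enc_a, key_string => c_key, iv_string => pad8 (c_iv_a));
   DBMS_OUTPUT.put_line ('Decrypted, IV A: [' || RTRIM (l_dec) || ']');

   -- Decrypt the same ciphertext with the other IV; printed as hex for comparison.
   l_dec := DBMS_OBFUSCATION_TOOLKIT.des3decrypt (
               input_string => l_enc_a, key_string => c_key, iv_string => pad8 (c_iv_b));
   DBMS_OUTPUT.put_line ('Decrypted, IV B (hex): ' || to_hex (l_dec));
END;
/
```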