11.07.2015 Views

Oracle Database 11g - Online Public Access Catalog


226 CHAPTER 5 ■ DATABASE SECURITY

with the additional consumption of resources, companies are choosing to be compliant to mitigate internal threat.

Stronger Password Hash Algorithm

Starting in Oracle Database 11g, the SHA cryptographic hash function SHA-1 became the new algorithm for password hashing. SHA-1 is a 160-bit hash employed in several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec. MD5, an earlier 128-bit widely used hash function, is considered its successor. From a performance perspective, SHA-1 is slightly slower than MD5 but produces a larger message digest, thus making SHA-1 more secure against brute-force attacks.

Hash functions generate the same output for a specified input and produce the same text for password values. SALT is a random value added to the data before it is encrypted. SALT in hashing algorithms strengthens the security of encrypted data by making it more difficult for hackers to crack using standard pattern-matching techniques. SALT is employed by the Oracle Database 11g user password hashing algorithm.

SHA-1 encryption commonly used in the industry provides much better security without forcing a network upgrade. Known in the industry as the strong hash algorithm, SHA-1 encryption algorithm enables Oracle Database 11g to meet stringent compliance regulations and strong password requirements.

Security Out of the Box

Oracle Database 11g heightens database security to another level. Oracle wants to make its customers aware that database security is critical. In recent years, internal employees contribute more and more to information security breaches. Now, when you create a database using the Database Configuration Assistant (DBCA), Oracle by default will create the database with the new level of security settings. These security settings include database audits of relevant SQL statements and privileges and modifications to the default profile. Moreover, DBCA will automatically set the AUDIT_TRAIL initialization parameter to DB.

■ Note You can also modify the AUDIT_TRAIL parameter to EXTENDED_DB for enhanced auditing if your application requires SQL statement–level or bind variable information.

The new security settings checkbox will be set to default when creating a database using DBCA or when installing the Oracle Database 11g software. If you do not want to turn on Oracle Database 11g–enhanced auditing, Oracle provides another radio button to revert to the Oracle Database 10g and earlier security settings, which includes reverting the auditing and password profile options. Figure 5-1 shows the new Oracle Database 11g Security Settings page for database creation.
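The salted SHA-1 scheme described under Stronger Password Hash Algorithm, as an added example that is not code from the book or from Oracle: it shows why two accounts with the same password store different values once a salt is used. The verifier layout used here ("S:" followed by the 40-hex-digit digest and a 20-hex-digit salt, with the digest taken over password then salt) and the UTF-8 encoding are assumptions not stated on this page, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

SALT_LEN = 10    # bytes of salt (assumed 11g layout, not stated on the page)
DIGEST_LEN = 20  # SHA-1 output is 160 bits


def make_verifier(password, salt=None):
    """Return 'S:' + hex(SHA-1(password || salt)) + hex(salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    # UTF-8 is an assumption; the database character set decides the real bytes.
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "S:" + (digest + salt).hex().upper()


def parse_verifier(verifier):
    """Split a verifier into (digest, salt); reject anything malformed."""
    body = verifier[2:]
    if not verifier.startswith("S:") or len(body) != 2 * (DIGEST_LEN + SALT_LEN):
        raise ValueError("not an S: verifier of the expected length")
    raw = bytes.fromhex(body)  # raises ValueError on non-hex characters
    if len(raw) != DIGEST_LEN + SALT_LEN:
        raise ValueError("verifier contains non-hex padding")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def check_password(candidate, verifier):
    """Recompute the salted digest and compare in constant time."""
    digest, salt = parse_verifier(verifier)
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)


def unsalted_hash(password):
    """Unsalted SHA-1, shown only for contrast with the salted form."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


if __name__ == "__main__":
    pw = "Example#Passw0rd"  # constructed sample value
    a, b = make_verifier(pw), make_verifier(pw)
    print("unsalted, two accounts equal:", unsalted_hash(pw) == unsalted_hash(pw))
    print("salted, two accounts equal:", a == b)
    print("each still verifies:", check_password(pw, a), check_password(pw, b))
    print("wrong case rejected:", not check_password(pw.lower(), a))
```

Because the salt is stored next to the digest, it does not slow down guessing against a single account; what it removes is the ability to spot shared passwords or reuse one precomputed table across all accounts.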
