Hashing in SQL Server and Oracle for the same output

Thanks go out to my colleagues for testing this out further, but we were testing out a way to get Oracle to generate hash values with the same output as the default SQL Server MD5 hashbytes function. In previous projects I used to rely on the DBMS_CRYPTO package in Oracle but this requires additional privileges. So if there is a some red tape to cut through the following code using the DBMS_OBFUSCATION_TOOLKIT works as well, and you can pass this in one go without requesting additional privileges or creation custom functions. Using a standard sanding of a pipe (‘|’) character you can call the DBMS_OBFUSCATION_TOOLKIT for MD5 in one statement like this:

UPPER(CAST(
 RAWTOHEX (SYS.DBMS_OBFUSCATION_TOOLKIT.MD5 (input_string =>
 NVL('<attribute A>','NA') || '|' ||
 NVL('<attribute B>', 'NA' || '|' ||
 NVL('<attribute C>', 'NA' || '|'
)) AS CHAR(32)))

This yields the same result as the SQL Server counterpart with the syntax:

UPPER(CONVERT(
 CHAR(32),HASHBYTES('MD5',
 ISNULL(RTRIM('<attribute A>'),'NA')+'|'+
 ISNULL(RTRIM('<attribute B>'),'NA')+'|'+
 ISNULL(RTRIM('<attribute C>'),'NA')+'|'
),2))

I found it to be useful as DBMS_CRYPTO sometimes requires more effort to set up. Of course the logic needs to handle other datatypes than just character fields such as date / time and numeric values. Especially date / time values need some attention, but it all works OK applying the same conversion mask using the above examples as starting point.

Apparently the DBMS_OBFUSCATION is meant to be replaced by DBMS_CRYPTO over time according to this Oracle documentation:

http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm#i1004143.

But for now we will probably stick with the obfuscation toolkit. We can always regenerate this later if we need to change.

 
Roelant Vos

Roelant Vos

You may also like...

1 Response

  1. March 29, 2016

    […] ‘sand’ Hash keys with delimiters (I use a pipe delimiter) as per Data Vault best practices. The built-in SQL Server MD5 or SHA1 […]

     

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.