2.14 ALLOW_WEAK_CRYPTO
ALLOW_WEAK_CRYPTO controls whether deprecated or weak
algorithms can be specified when using the DBMS_CRYPTO package.
| Property | Description |
|---|---|
|
Parameter type |
Boolean |
|
Default value |
|
|
Modifiable |
|
|
Modifiable in a PDB |
Yes |
|
Range of values |
|
|
Basic |
No |
|
Oracle RAC |
Different instances can use different values. |
Setting this parameter to FALSE disallows the use of the
following deprecated or weak algorithms when using the DBMS_CRYPTO
package:
-
Hash/HMAC:
HASH_MD5,HASH_SHA1,HMAC_MD5,HMAC_SHA1 -
Password-based encryption:
ENCRYPT_PBE_MD5DES -
Signatures:
SIGN_SHA1_RSA,SIGN_SHA1_RSA_X931 -
Encryption using the following symmetric ciphers is disallowed:
ENCRYPT_DES,ENCRYPT_3DES_2KEY,ENCRYPT_3DES,ENCRYPT_RC4. Decryption using these ciphers is allowed to preserve backward compatibility with previously encrypted data.
The default setting of TRUE allows the use of all of the
aforementioned algorithms for encryption and decryption.
Note:
This parameter is available starting with Oracle AI Database 26ai.