User's Manual
Solving Security Challenges with Oracle Advanced Security
Introduction to Oracle Advanced Security
197, Advanced Encryption Standard (AES) is a new cryptographic algorithm
standard developed to replace DES. AES is a symmetric block cipher that can
process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256
bits, which are referred to as AES-128, AES-192, and AES-256, respectively. All three
versions operate in outer-CBC mode.
Data Integrity
To ensure the integrity of data packets during transmission, Oracle Advanced
Security can generate a cryptographically secure message digest—using MD5 or
SHA-1 hashing algorithms—and include it with each message sent across a
network.
Data integrity algorithms add little overhead, and protect against the following
attacks:
■ Data modification
■ Deleted packets
■ Replay attacks
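A sketch of how a per-message digest catches the three attacks listed above, added here as an example; it is not Oracle's code or wire format. It assumes a shared session key and an implicit per-direction sequence counter mixed into an HMAC-SHA1 digest; all names and sample packets are constructed for illustration.

```python
import hashlib
import hmac

DIGEST = hashlib.sha1            # the page names MD5 and SHA-1
TAG_LEN = DIGEST().digest_size   # 20 bytes for SHA-1

class IntegrityError(Exception):
    """Raised when a packet fails the digest check."""

def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # Assumption: the digest is keyed and covers a sequence counter,
    # so a packet only verifies in the slot it was sent in.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, DIGEST).digest()

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append the digest to the payload."""
    return payload + _tag(key, seq, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0   # seq = next packet number expected

    def open(self, packet: bytes) -> bytes:
        if len(packet) < TAG_LEN:
            raise IntegrityError("packet shorter than digest")
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, self.seq, payload)):
            raise IntegrityError(f"digest mismatch at sequence {self.seq}")
        self.seq += 1
        return payload

def rejected(rx: Receiver, packet: bytes) -> bool:
    try:
        rx.open(packet)
    except IntegrityError:
        return True
    return False

def demo() -> dict:
    key = b"constructed-demo-session-key"          # constructed sample value
    msgs = (b"SELECT 1", b"UPDATE t SET x=2", b"COMMIT")
    p0, p1, p2 = (seal(key, i, m) for i, m in enumerate(msgs))
    rx = Receiver(key)
    in_order = [rx.open(p) for p in (p0, p1, p2)]
    replay = rejected(rx, p1)                      # p1 was already consumed
    rx = Receiver(key)
    rx.open(p0)
    deleted = rejected(rx, p2)                     # p1 dropped in transit
    modified = rejected(Receiver(key), b"X" + p0[1:])  # first byte altered
    return {"in_order": in_order, "replay": replay,
            "deleted": deleted, "modified": modified}
if __name__ == "__main__":
    print(demo())
```

A receiver that sees any of these failures should treat the connection as compromised and close it instead of resynchronizing.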
Federal Information Processing Standard
Oracle Advanced Security Release 8.1.6 has been validated under U.S. Federal
Information Processing Standard 140-1 (FIPS) at the Level 2 security level. This
provides independent confirmation that Oracle Advanced Security conforms to
federal government standards. FIPS configuration settings are described in
Appendix D, "Oracle Advanced Security FIPS 140-1 Settings".
See Also:
■ Chapter 3, "Configuring Network Data Encryption and
Integrity for Oracle Servers and Clients"
■ Appendix A, "Data Encryption and Integrity Parameters"
Note: SHA-1 is slightly slower than MD5, but produces a larger
message digest, making it more secure against brute-force collision
and inversion attacks.
See Also: Chapter 3, "Configuring Network Data Encryption and
Integrity for Oracle Servers and Clients", for information about
MD5 and SHA-1.