How to use PBKDF2 in Oracle 12c?

Question

We want to save user passwords in Oracle 12c. I found the dbms_crypto-Package but there was no information about PBKDF2.

What\'s the current state in 2017 t

Answer 1

Your application server should be doing the PBKDF2 before it gets to the database - don't spend your precious, limited Oracle resources on that.

And don't let your DBA's see the passwords in plaintext, either, as they'd have to if Oracle is the one doing the hashing!

I have a variety of PBKDF2 examples in My github repository, including test vectors and, if you absolutely insist on doing it in Oracle, one pure SQL Server implementation that shouldn't be difficult to convert to PL/SQL.