[TL;DR] Gunakan STANDARD_HASH( RTRIM( :new.PASSWORD ), 'SHA256' ) karena Anda ingin membuat kata sandi di 'BruteForce' dan bukan 'BruteForce ' (dll.) diisi dengan spasi putih hingga panjang 64 karakter (yang menggunakan CHAR(64) akan memberi Anda).
Jika Anda tidak ingin menggunakan garam (yang seharusnya Anda gunakan di zaman sekarang ini) maka cukup potong kanan kata sandi untuk menghilangkan spasi kosong yang CHAR tipe data telah mengisi string dengan:
CREATE OR REPLACE TRIGGER client_hash_trigger
BEFORE INSERT ON client
FOR EACH ROW
BEGIN
SELECT STANDARD_HASH( RTRIM( :new.PASSWORD ), 'SHA256' )
INTO :new.PASSWORD
FROM DUAL;
END;
/
Kemudian:
CREATE TABLE client (
id NUMBER(10,0)
GENERATED ALWAYS AS IDENTITY
CONSTRAINT client__id__pk PRIMARY KEY,
password CHAR(64)
NOT NULL
);
INSERT INTO client (id, password) VALUES (DEFAULT, 'BruteForce');
Akan menghasilkan:
SELECT id, password FROM client;
Hashing dan Salting
Diadaptasi dari jawaban ini
Jika Anda juga ingin mengikuti praktik terbaik, maka Anda harus memberi garam kata sandi sebelum hashing:
CREATE TABLE client (
id NUMBER(10,0)
GENERATED ALWAYS AS IDENTITY
CONSTRAINT client__id__pk PRIMARY KEY,
password CHAR(64)
NOT NULL,
password_salt VARCHAR2(61)
NOT NULL
);
Maka pemicu Anda adalah:
CREATE TRIGGER client_hash_trigger
BEFORE INSERT OR UPDATE ON client
FOR EACH ROW
BEGIN
IF :new.PASSWORD = :old.PASSWORD THEN
-- Assume things haven't changed (The chances of a hash collision are vanishingly small).
-- Make sure the old salt is not replaced if the password hash hasn't changed.
:new.PASSWORD_SALT := :old.PASSWORD_SALT;
ELSE
-- Regenerate a new salt and hash the password.
:new.PASSWORD_SALT := DBMS_RANDOM.STRING( 'P', FLOOR( DBMS_RANDOM.VALUE( 40, 61 ) ) );
SELECT STANDARD_HASH ( :new.PASSWORD_SALT || RTRIM( :new.PASSWORD ), 'SHA256' )
INTO :new.PASSWORD
FROM DUAL;
END IF;
END;
/
Dan kemudian:
INSERT INTO client (id, password) VALUES (DEFAULT, 'BruteForce');
Dapat menghasilkan:
SELECT * FROM client;
db<>fiddle di sini
