Oracle PL/SQL produce the same hash as PERL crypt

Question

My company is in the middle of migrating their old application (perl) into their new application (oracle apex). We currently have all of our internal processes up and running on oracle apex, while all of our merchants still use the old application. I'm creating the merchant setup in apex (our support users set up merchant accounts for them), in which part of this setup I need to create the logins for the merchant to use. The problem is that our old application used the perl crypt function to hash our merchants passwords, so my custom hash in apex does not match the same digest thus not allowing the merchants to sign in. I'm wondering if I have the code to create the exact same salt as the old application, can oracle's DBMS_CRYPTO replicate the exact same hash as the perl crypt function? $cpw = crypt ($pw, $salt);

Update Sep 09 2022: To avoid a scheduled maintenance and having to import jars into the db, i'm looking into an alternative solution that involves taking the password hashing code out of the original application and re-creating it in it's own cgi file. Then using apex_web_service.make_rest_request to POST our user's password and have the script that contains the crypt() function handle hashing of the password.

Answer 1

If you have Java enabled in the database then you may be able to (untested):

1. Use the loadjava utility to import the apache.commons.codec library which contains the org.apache.commons.codec.digest.Crypt class.

2. Create a PL/SQL function to wrap the Java method:

   CREATE OR REPLACE FUNCTION CRYPT(
     i_key  IN VARCHAR2,
     i_salt IN VARCHAR2
   ) RETURN VARCHAR2
   AS LANGUAGE JAVA
   NAME 'org.apache.commons.codec.digest.Crypt.crypt(java.lang.String, java.lang.String) return java.lang.String';
   /
   

Then you can call that function and compare it to Perl.