https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140887#M450978 <HTML><HEAD></HEAD><BODY><P>Hello, Regarding password encryption, which algorithm is used by SAP for password encryption? Is it one of the standard algorithms, or is it proprietary? Thanks in advance for any responses...</P></BODY></HTML> Thu, 19 Apr 2007 22:32:47 GMT Former Member 2007-04-19T22:32:47Z https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140887#M450978 <HTML><HEAD></HEAD><BODY><P>Hello, Regarding password encryption, which algorithm is used by SAP for password encryption? Is it one of the standard algorithms, or is it proprietary? Thanks in advance for any responses...</P></BODY></HTML> Thu, 19 Apr 2007 22:32:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140887#M450978 Former Member 2007-04-19T22:32:47Z https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140888#M450979 <HTML><HEAD></HEAD><BODY><P>Ron,</P><P></P><P>There are several different algorithms depending on what SAP version you are on.</P><P></P><P>Read the following for older versions:</P><P>&lt;a href="http://www.openwall.com/lists/john-users/2005/12/11/1"&gt;http://www.openwall.com/lists/john-users/2005/12/11/1&lt;/a&gt;</P><P></P><P>after netweaver 6.4 the password hash algorithm changed from MD5 to SHA-1. </P><P></P><P>In addition the newer versions have much greater security due to being case sensitive, length and the way they are stored.</P><P></P><P>Cheers,</P><P></P><P>Ben</P></BODY></HTML> Thu, 19 Apr 2007 22:39:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140888#M450979 Former Member 2007-04-19T22:39:44Z https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140889#M450980 <HTML><HEAD></HEAD><BODY><P>With nearly every release (and sometimes even with a patch) new password encoding mechanisms ("code versions") or password rules / features have been implemented.</P><P></P><P>With NetWeaver 7.0 a major step was taken by supporting longer and now case-sensitive passwords (see &lt;a href="https://service.sap.com/sap/support/notes/1023437"&gt;SAP Note 1023437&lt;/a&gt;).</P><P></P><P>With NetWeaver 2007 (7.10) random-salted password hash algorithms will be supported (see &lt;a href="https://service.sap.com/sap/support/notes/991968"&gt;SAP Note 991968&lt;/a&gt;).</P><P></P><P>Cheers, Wolfgang (just returned from vacation)</P></BODY></HTML> Fri, 20 Apr 2007 20:11:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140889#M450980 Wolfgang_Janzen 2007-04-20T20:11:35Z https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140890#M450981 <HTML><HEAD></HEAD><BODY><P>Hi there,</P><P>have a look at this overview of the various possible password hash algorithms:</P><P></P><P><A href="http://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/">http://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/</A></P><P></P><P>Regards,</P><P>Daniel</P></BODY></HTML> Thu, 14 Mar 2013 18:05:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/password-encryption-algorithm/m-p/2140890#M450981 Former Member 2013-03-14T18:05:09Z