Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Password Encryption Algorithm

Go to solution
Former Member

‎2007 Apr 19 11:32 PM

0 Likes
1,503

Hello, Regarding password encryption, which algorithm is used by SAP for password encryption? Is it one of the standard algorithms, or is it proprietary? Thanks in advance for any responses...

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2007 Apr 19 11:39 PM

0 Likes
757

Ron,

There are several different algorithms depending on what SAP version you are on.

Read the following for older versions:

<a href="http://www.openwall.com/lists/john-users/2005/12/11/1">http://www.openwall.com/lists/john-users/2005/12/11/1</a>

after netweaver 6.4 the password hash algorithm changed from MD5 to SHA-1.

In addition the newer versions have much greater security due to being case sensitive, length and the way they are stored.

Cheers,

Ben

3 REPLIES 3
Read only

Go to solution
Former Member

‎2007 Apr 19 11:39 PM

0 Likes
759

Ron,

There are several different algorithms depending on what SAP version you are on.

Read the following for older versions:

<a href="http://www.openwall.com/lists/john-users/2005/12/11/1">http://www.openwall.com/lists/john-users/2005/12/11/1</a>

after netweaver 6.4 the password hash algorithm changed from MD5 to SHA-1.

In addition the newer versions have much greater security due to being case sensitive, length and the way they are stored.

Cheers,

Ben

Read only

Go to solution
Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert

‎2007 Apr 20 9:11 PM

0 Likes
757

With nearly every release (and sometimes even with a patch) new password encoding mechanisms ("code versions") or password rules / features have been implemented.

With NetWeaver 7.0 a major step was taken by supporting longer and now case-sensitive passwords (see <a href="https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437</a>).

With NetWeaver 2007 (7.10) random-salted password hash algorithms will be supported (see <a href="https://service.sap.com/sap/support/notes/991968">SAP Note 991968</a>).

Cheers, Wolfgang (just returned from vacation)

Read only

Go to solution
Former Member

‎2013 Mar 14 6:05 PM

0 Likes
757

Hi there,

have a look at this overview of the various possible password hash algorithms:

http://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/

Regards,

Daniel