2020 Apr 21 8:47 AM
Hi Community,
Due to an inquiry, I stumbled upon the following question and could neither answer it myself nor find an answer online:
How does SAP ensure that the system parameter login/min_password_diff is used to monitor the number of changed digits in a password without storing the passwords in plain text?
As far as I know, the passwords are stored as salted hashes. The hash functions should be cryptographic hash functions, so that on the one hand they only work in one direction and, on the other hand and much more importantly, the change of a single digit creates a "maximum" change of the hash. But how can you monitor that more than one digit differs, if this has already changed the hash significantly and it no longer matches the previous password hash?
Thanks in advance for an answer!
Best Regards
Tim
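As an added illustration (not part of the original post and not SAP's own code): the general way such a rule can be enforced without storing cleartext is to compare the old and new passwords only at change time, when the user has just typed both, and to persist nothing but a salted hash. The difference measure (count of differing positions, with a length difference counted as well), the threshold of 3 and the PBKDF2 parameters are assumptions chosen for the example, not SAP's actual scheme.

```python
import hashlib
import hmac
import os

MIN_PASSWORD_DIFF = 3  # stands in for login/min_password_diff (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Storage form: salted, iterated hash. Only this value is ever persisted."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def verify_password(password: str, salt: bytes, stored_hash: bytes) -> bool:
    """Constant-time comparison of a candidate against the stored salted hash."""
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


def differing_positions(old: str, new: str) -> int:
    """Positions where the two cleartexts differ; extra length counts as differing."""
    changed = sum(1 for a, b in zip(old, new) if a != b)
    return changed + abs(len(old) - len(new))


def make_record(password: str) -> dict:
    """Constructed user record holding salt and hash only, never the cleartext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def change_password(record: dict, old_password: str, new_password: str,
                    min_diff: int = MIN_PASSWORD_DIFF) -> tuple[bool, str]:
    # 1. The user must prove knowledge of the old password against the stored hash.
    if not verify_password(old_password, record["salt"], record["hash"]):
        return False, "old password incorrect"
    # 2. Both cleartexts exist only in memory for this request; the diff rule
    #    is checked here, before anything is hashed. A reset where the old
    #    password is not entered cannot run this check at all.
    if differing_positions(old_password, new_password) < min_diff:
        return False, "new password differs in too few positions"
    # 3. Store only the new salted hash; the cleartexts are discarded.
    salt = os.urandom(16)
    record["salt"] = salt
    record["hash"] = hash_password(new_password, salt)
    return True, "password changed"
```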