DevOps and System Administration Discussions
Dive into SAP DevOps and system administration. Join discussions to collaborate on optimizing workflows, share knowledge, and leverage resources effectively.

Technical design: comparison of new passwords with the password history

timkudla
Participant
163

Hi Community,

Due to an inquiry, I stumbled over the following question and could neither answer the question myself nor find an answer online:

How does SAP ensure that the system parameter login/min_password_diff is used to monitor the number of changed digits in a password without storing the passwords in plain text?

As far as I know, the passwords are stored as salted hashes. The hash functions should be cryptological hash functions, so that on the one hand they only work in one direction, on the other hand and much more importantly, that the change of a single digit creates a "maximum" change of the hash. But how can you monitor that more than one digit differs, if this has already changed the hash significantly and does not match the previous password hash?

Thanks in advance for an answer!

Best Regards

Tim

0 REPLIES 0
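One generic design that enforces a minimum character difference while storing only salted hashes, as an added example that is not part of the original post and is not SAP's code. It assumes the change dialog asks the user for the current password, so old and new plaintext are both in memory at change time. The difference metric, the constants and all function names are hypothetical.

```python
import hashlib
import hmac
import os

MIN_DIFF = 3       # constructed value standing in for login/min_password_diff
HISTORY_LEN = 5    # constructed history depth
ITERATIONS = 50_000


def hash_pw(password, salt=None):
    """Return (salt, digest) for a salted PBKDF2-HMAC-SHA256 hash."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def matches(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_pw(password, salt)[1], digest)


def char_diff(old, new):
    """Positions that differ, plus any length difference (assumed metric)."""
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))


def change_password(store, old_pw, new_pw):
    """store = {"current": record, "history": [records]}; returns a status string."""
    if not matches(old_pw, store["current"]):
        return "old password wrong"
    # Both plaintexts exist only here, in memory, for the duration of the change.
    if char_diff(old_pw, new_pw) < MIN_DIFF:
        return "too similar to current password"
    # History holds hashes only, so only an exact reuse can be detected.
    if any(matches(new_pw, rec) for rec in store["history"]):
        return "password was used before"
    store["history"] = ([store["current"]] + store["history"])[:HISTORY_LEN]
    store["current"] = hash_pw(new_pw)
    return "changed"


if __name__ == "__main__":
    store = {"current": hash_pw("Winter2023!"), "history": []}  # constructed passwords
    print(change_password(store, "Winter2023!", "Winter2024!"))   # too similar
    print(change_password(store, "Winter2023!", "Maple#Tree77"))  # changed
```

In this design the similarity check can only cover the password being replaced; older entries in the history can be checked for exact reuse but not for near matches.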