Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Hashcodes in SAP

Former Member
0 Kudos

Hi everybody,

SAP uses for the BCODE and for the PASSCODE a different hashcode.

If you have a ECC6.0 system, which one is there in function ?

Best regards

R.Kluge

3 REPLIES 3

Former Member

0 Kudos

Alternately start SE11 and choose USR02 field 'CODVN'. Double-click the data element XUCODEVER2 (Hash code versions for passwords) and then choose the "Documentation" button - or simply hit F1 anywhere else you can see the field.

Cheers,

Julius

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

>

> Hi everybody,

> SAP uses for the BCODE and for the PASSCODE a different hashcode.

> If you have a ECC6.0 system, which one is there in function ?

> Best regards

> R.Kluge

ECC 6.0 is using SAP_BASIS 7.0x

So, by default (login/password_downwards_compatibility = 1) will calculate both hash values - one for it's own usage (PASSCODE) and [the other one to distribute to older CUA systems|https://service.sap.com/sap/support/notes/1300104]. If you are not using CUA (Central User Administration) you should set the profile parameter login/password_downwards_compatibility to value 0.

As of SAP_BASIS 7.02 the ABAP system will [support (iterated) random-salted password hashs|https://service.sap.com/sap/support/notes/991968].

ABAP systems prior to 7.00 should apply [SAP note 874738|https://service.sap.com/sap/support/notes/874738] (Codeversion E, login/password_charset = 2).

Kindly notice that it's highly advised to prevent access to database table content (in general), in particular also to password hash value (see also: /etc/passwd in UNIX systems) - see [SAP note 1237762|https://service.sap.com/sap/support/notes/1237762].

In all releases, you should make use of the [(release-dependent) capabilities to define a strong password policy|http://help.sap.com/saphelp_nw04s/helpdata/EN/22/41c43ac23cef2fe10000000a114084/content.htm] (coutermeasure against dictionary attacks).