Hi,

Also follow the following

/people/sap.user72/blog/2005/10/19/attention-security-administrators-new-password-rules-are-on-their-way

After SAP NetWeaver 6.40, the password hash algorithm is changed from MD5 to SHA-1. This means that more secure hash values, which are not backward-compatible, and which make reverse engineering attacks difficult, can be generated. By default, new systems generate two hash values: a backward-compatible value and a new value. However, you can configure the system so that only the new hash value, which is not backward-compatible, is generated. You can set the degree of backward compatibility with the profile parameter login/password_downwards_compatibility.

The system can determine the type (new or old) of the current user password at any time. During logon, the system calculates the password hash based on the entered data and in accordance with the information from the user master record (see the hash procedure used) and compares the hash values. The system decides itself which part of the entered password is evaluated.

· If the user master record shows that the user’s password was encrypted with the old password hash algorithm, the system only evaluates the first eight characters and converts these to upper-case

· If the user master record shows that the user’s password is encrypted with the new password hash algorithm, the system evaluates all characters as they were entered (up to 40 characters, with no conversion to upper-case).

The new functions do not initially have any consequences after the upgrade; the operation of the system and password queries continue to run as usual. The passwords of the new type gradually replace the passwords of the old type.

Do reward with points.

REgards.