04-19-2007 11:32 PM
Hello, Regarding password encryption, which algorithm is used by SAP for password encryption? Is it one of the standard algorithms, or is it proprietary? Thanks in advance for any responses...
04-19-2007 11:39 PM
Ron,
There are several different algorithms depending on what SAP version you are on.
Read the following for older versions:
<a href="http://www.openwall.com/lists/john-users/2005/12/11/1">http://www.openwall.com/lists/john-users/2005/12/11/1</a>
after netweaver 6.4 the password hash algorithm changed from MD5 to SHA-1.
In addition the newer versions have much greater security due to being case sensitive, length and the way they are stored.
Cheers,
Ben
04-19-2007 11:39 PM
Ron,
There are several different algorithms depending on what SAP version you are on.
Read the following for older versions:
<a href="http://www.openwall.com/lists/john-users/2005/12/11/1">http://www.openwall.com/lists/john-users/2005/12/11/1</a>
after netweaver 6.4 the password hash algorithm changed from MD5 to SHA-1.
In addition the newer versions have much greater security due to being case sensitive, length and the way they are stored.
Cheers,
Ben
04-20-2007 9:11 PM
With nearly every release (and sometimes even with a patch) new password encoding mechanisms ("code versions") or password rules / features have been implemented.
With NetWeaver 7.0 a major step was taken by supporting longer and now case-sensitive passwords (see <a href="https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437</a>).
With NetWeaver 2007 (7.10) random-salted password hash algorithms will be supported (see <a href="https://service.sap.com/sap/support/notes/991968">SAP Note 991968</a>).
Cheers, Wolfgang (just returned from vacation)
03-14-2013 6:05 PM
Hi there,
have a look at this overview of the various possible password hash algorithms:
http://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/
Regards,
Daniel