11-28-2007 10:36 PM
I believe that in NetWeaver 6.4 and above SHA-1 is used for password encryption. Does anyone know if a 'salt' is used when encrypting? If not, can use of a 'salt' be configured, and also verified? Thanks in advance.
11-29-2007 8:36 AM
Hi Ron,
1st of all: SHA-1 is a hash function; that has nothing to do with encryption; encrypted data can be decrypted - however hashed data cannot be converted back to plain text. That's an advantage (when dealing with passwords).
Well, as of NetWeaver 7.0 (aka "2004s") ABAP systems support not only case-sensitive and longer passwords (up to 40 characters) but also use SHA-1 to calculate the password hash value. Yes, a salt is used - it's a deterministic salt (not a random salt) which is calculated based on the plaintext password and the userID. So, if two users have the same plaintext password their password hash values are different.
As of NetWeaver 7.1 ABAP systems do support (iterated) random-salted password hash algorithms (iterated SSHA-1).
Related SAP Notes:
- <a href="https://service.sap.com/sap/support/notes/1023437">1023437</a> (NW 7.0)
- <a href="https://service.sap.com/sap/support/notes/991968">991968</a> (NW 7.1)
Regards, Wolfgang
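The difference between a deterministic salt and an iterated random salt, as described in the answer above, shown as an added example that is not part of the original thread. The constructions are assumptions made for illustration and are not SAP's actual algorithms; the function names, salt sizes and iteration count are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

def unsalted(password: str) -> str:
    """Plain SHA-1: identical passwords always give identical hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def deterministic_salted(user_id: str, password: str) -> str:
    """Illustrative deterministic salt derived from user ID and password.
    No randomness: the same user and password give the same hash on every system."""
    salt = hashlib.sha1((user_id + password).encode()).digest()[:8]
    return hashlib.sha1(password.encode() + salt).hexdigest()

def random_salted_iterated(password: str, salt: Optional[bytes] = None,
                           iterations: int = 1024) -> Tuple[bytes, int, str]:
    """Illustrative iterated salted SHA-1: the random salt is stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha1(password.encode() + digest).digest()
    return salt, iterations, digest.hex()

def verify(password: str, record: Tuple[bytes, int, str]) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    salt, iterations, expected = record
    actual = random_salted_iterated(password, salt, iterations)[2]
    return hmac.compare_digest(actual, expected)

def properties(password: str = "Secret123") -> dict:
    """Constructed sample: two users sharing a password, one user on two systems."""
    sys_a = random_salted_iterated(password)
    sys_b = random_salted_iterated(password)
    return {
        "unsalted_same_across_users": unsalted(password) == unsalted(password),
        "deterministic_differs_across_users":
            deterministic_salted("ALICE", password) != deterministic_salted("BOB", password),
        "deterministic_same_across_systems":
            deterministic_salted("ALICE", password) == deterministic_salted("ALICE", password),
        "random_differs_across_systems": sys_a[2] != sys_b[2],
        "random_record_verifies": verify(password, sys_a),
    }

if __name__ == "__main__":
    for name, value in properties().items():
        print(f"{name}: {value}")
```

Every property prints `True`: the deterministic salt separates users who share a password but still yields the same hash for one user on every system, while the random salt changes the stored value on each password set and the iteration count raises the cost of each guess.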