SAP® Documentation

Single view

login/password_hash_algorithm - encoding and hash algorithm used for new passwords

Addresses (Business Address Services)   TXBHW - Original Tax Base Amount in Local Currency  
This documentation is copyright by SAP AG.
SAP E-Book
------------------------------------------------------------------------
| Parameter : login/password_hash_algorithm |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Short Description : Format and hash algorithm for new passwords |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Parameter description : |
| ----------------------- |
| |
| As of SAP_BASIS 7.10, password hash values are calculated using a |
| standardized hash procedure. This is usually the "(random) salted" |
| hash procedure; with this method, a randomly-generated value |
| ("salt") is also used, in addition to the password, to calculate the |
| password hash value; the hash value calculation can also be |
| performed more than once successively (that is, iterated), to make |
| dictionary and brute force attacks more difficult. |
| |
| If you are using iterated hash procedures, you need to balance |
| performance loss and security gain. |
| |
| This profile parameter is evaluated when calculating new password |
| hash values (but not, however, when checking password hash values |
| at logon), to determine the hash procedure and the coding format. |
| |
| |
| Normally, you should not need to change the value from the default |
| value specified by the kernel. |
| In this way, you automatically profit from continual further |
| development in the area of password hash procedures. |
| |
| For more information, see also SAP Note 991968. |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Application area: Logon |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Unit : Special character string |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Default Value : Depends on the current kernel version |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Who permitted to make changes: The customer |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Limitations for operating systems: None |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Limitations for database systems: None |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Other Parameters Affected or Dependent: |
| |
| If profile parameter %%login/password_downwards_compatibility%% |
| is set to the value 5, only old hash values are created. In this |
| case, this profile parameter has no effect. |
------------------------------------------------------------------------
------------------------------------------------------------------------
| Valid Input, Formats, Areas: |
| |
| encoding=[format], algorithm=[algorithm], saltsize=[number of bits] |
| |
| With some hash algorithms, you also need to make additional |
|specifications. For example, with the hash algorithm "iSSHA-1", you |
| need to specify the number of iterations: |
| |
| algorithm=iSSHA-1, iterations=[number of hash iterations] |
| |
| The list of supported algorithms and coding formats is not static. |
| Additional algorithms and coding formats can be provided by new |
| kernel versions. This documentation can therefore be incomplete. |
| For a complete list of all supported procedures and the associated |
| parameter format specifications, which is always kept up-to-date, |
| see SAP Note 991968. |
| |
------------------------------------------------------------------------

------------------------------------------------------------------------
| Short Description : encoding and hash algorithm used for new passwords
------------------------------------------------------------------------

------------------------------------------------------------------------
| Applications Area : Login
------------------------------------------------------------------------

------------------------------------------------------------------------
| Parameter Type : S
------------------------------------------------------------------------

------------------------------------------------------------------------
| Changes allowed : X
------------------------------------------------------------------------

------------------------------------------------------------------------
| Valid for Operating System : *
------------------------------------------------------------------------

------------------------------------------------------------------------
| Dynamic switchable : X
------------------------------------------------------------------------

------------------------------------------------------------------------
| Same on all Servers : X
------------------------------------------------------------------------


General Material Data   BAL Application Log Documentation  
This documentation is copyright by SAP AG.

Length: 7445 Date: 20191022 Time: 212011     sap01-206 ( 2 ms )

Our Service

Looking for Support? Questions?

The

Consolut

Callback-Service

Leave us your contact details and we will call you back. Panels marked with * are mandatory.