Parameter
login/password_hash_algorithm
Short text
Format and hash algorithm for new passwords
Parameter Description
Since SAP_BASIS 7.02, password hash values are calculated with a standardized hash procedure. This is usually the “(random) salted” hash procedure; with this method, a randomly-generated value (“salt”) is also used, in addition to the password, to calculate the password hash value; the hash value calculation can also be performed more than once successively (that is, iterated), to make dictionary and brute force attacks more difficult.
If you are using iterated hash procedures, you need to balance performance loss and security gain.
This profile parameter is evaluated when calculating new password hash values (but not, however, when checking password hash values at logon), to determine the hash procedure and the coding format.
Normally, you should not need to change the value from the default value specified by the kernel. In this way, you automatically profit from continual further development in the area of password hash procedures.
More information: SAP Note 991968.
Application Area
Logon
Parameter Unit
Special character string
Default Value
Depends on the current kernel version
Who is permitted to make changes?
The customer
Operating System Restrictions
None
Database System Restrictions
None
Are other parameters affected or dependent?
If profile parameter login/password_downwards_compatibility is set to the value 5, only old hash values are created. In this case, this profile parameter has no effect.
Values allowed
encoding=[format], algorithm=[algorithm], saltsize=[number of bits]
With some hash algorithms, you also need to make additional specifications. For example, with the hash algorithm “iSSHA-1”, you need to specify the number of iterations:
algorithm=iSSHA-1, iterations=[number of hash iterations]
The list of supported algorithms and coding formats is not static. Additional algorithms and coding formats can be provided by new kernel versions. This documentation can therefore be incomplete. For a complete list of all supported procedures and the associated parameter format specifications, which is always kept up-to-date, refer to SAP Note 991968.
