login/password_hash_algorithm SAP Parameter attribute - encoding and hash algorithm used for new passwords

login/password_hash_algorithm is a SAP Parameter attribute which is used to control encoding and hash algorithm used for new passwords information. This is available within R/3 SAP systems depending on the version and release level.

Below is the standard documentation available and a few details of the attributes values .

login/password_hash_algorithm profile paramerter attributes

Parameter Name: login/password_hash_algorithm
Description: encoding and hash algorithm used for new passwords
Default Value: encoding=RFC2307, algorithm=iSSHA-1, iterations=1024, saltsize=96
Parameter Type ( See IF_PARAMETER_TYPES): String(STRING)
Restriction Values:
Parameter Unit:
Parameter Group: Login
CSN Component: BC-SEC-LGN
System-Wide parameter: Yes
Dynamic Parameter: Yes
Vector Parameter: No
Has Sub-Parameters: No
Check Function Exists: No

Parameter documentation

Since SAP_BASIS 7.02, password hash values are calculated with a standardized hash procedure. This is usually the "(random) salted" hash procedure; with this method, a randomly-generated value ("salt") is also used, in addition to the password, to calculate the password hash value; the hash value calculation can also be performed more than once successively (that is, iterated), to make dictionary and brute force attacks more difficult.
If you are using iterated hash procedures, you need to balance performance loss and security gain.
This profile parameter is evaluated when calculating new password hash values (but not, however, when checking password hash values at logon), to determine the hash procedure and the coding format.

Normally, you should not need to change the value from the default value specified by the kernel. In this way, you automatically profit from continual further development in the area of password hash procedures.
More information: SAP Note 991968.


See SAP Parameter Documentation for full SAP documentation for this profile parameter.