


This blog series explains the process of hacking SAP password hashes, also known as SAP password hacking. The process of hacking will be explained, along with appropriate countermeasures.

Questions that will be answered in this blog are:

How can I strengthen my SAP password hash?

By increasing the complexity of the hash, you can slow down this process. The main reference for the SAP password hash algorithm is OSS note 1458262 - ABAP: recommended settings for password hash algorithms. Note 2140269 - ABAP password hash: supporting salt sizes up to 256 bits describes the actual parameter value.

In RZ11 you need to set parameter login/password_hash_algorithm to exactly this value: encoding=RFC2307, algorithm=iSSHA-512, iterations=15000, saltsize=256. The syntax is listed in OSS note 991968 - List of values for "login/password_hash_algorithm".

Before the setting, the PWDSALTEDHASH field has this value:

If you don't do it properly, you might get the issue reported in OSS note 3043774 - Iterated salted hash is empty after having assigned or changed a password.
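Because the parameter has to match the recommended value exactly, a small check of the configured string is useful during a review. The following is an added example, not code from SAP or from this blog: the function names, the findings format and the weak sample value are assumptions made for the illustration.

```python
# Added example: audit a login/password_hash_algorithm value against the
# settings quoted in this post. Function names and message wording are
# assumptions made for this illustration.

# Target settings, taken from the value given in the text above.
EXPECTED = {"encoding": "RFC2307", "algorithm": "iSSHA-512",
            "iterations": 15000, "saltsize": 256}

# Constructed sample of a weaker value, for demonstration only.
SAMPLE_WEAK = "encoding=RFC2307, algorithm=iSSHA-1, iterations=1024, saltsize=96"


def parse_hash_algorithm(value):
    """Split 'key=value, key=value' into a dict; reject malformed parts."""
    settings = {}
    for part in value.split(","):
        key, sep, val = part.strip().partition("=")
        key, val = key.strip(), val.strip()
        if not sep or not key or not val:
            raise ValueError(f"malformed component: {part.strip()!r}")
        if key in settings:
            raise ValueError(f"duplicate key: {key}")
        settings[key] = val
    return settings


def audit_hash_algorithm(value):
    """Return a list of findings; an empty list means the value matches."""
    try:
        settings = parse_hash_algorithm(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key} missing (expected {want})")
        elif isinstance(want, int) and not got.isdigit():
            findings.append(f"{key}={got} is not a number")
        elif isinstance(want, int) and int(got) < want:
            findings.append(f"{key}={got} is weaker than {want}")
        elif str(want) != got:
            findings.append(f"{key}={got} differs from {want}")
    for key in sorted(settings.keys() - EXPECTED.keys()):
        findings.append(f"unknown key {key}")
    return findings


if __name__ == "__main__":
    for finding in audit_hash_algorithm(SAMPLE_WEAK):
        print(finding)
```
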
