SAP password hash algorithms

Hi there,

in this article, I’ll summarize, what I found out about SAP’s password storage mechanism (for SU01 users, not the SecStore).

Basics

The passwords of all users are stored in table USR02 as one (or more) cryptographic hash value(s).
Table USH02 and some others contain the password history (see SAP Note 1484692). This history used to be limited to the last 5 entries per user before NW 7.0; meanwhile, the number of entries is customizable via the profile parameter login/password_history_size (see SAP Note 862989).

The hash algorithm has changed several times over time – either due to weaknesses or as a result of the increase in computing performance (see “CODVN H” below).

Per definition, the result of a cryptographic hash function is/should be irreversible, i.e. one cannot/shouldn’t be able to retrieve the plain text password from the hash value… but that’s the point where the fun starts! 😎
SAP Note 1237762 gives a good overview of hash attacks and has some rather helpful tips on how to prevent them!

The password cracking tool John the Ripper (with the “Jumbo” patch) supports two of SAP’s common hash algorithms (CODVN B & F/G). Give it a try, if you’re serious about the security of your passwords!

Hash algorithms

This table summarizes the details of all currently available password hash algorithms (as per Q4/2012):

USR02-
CODVN
Algo-
rithm
Max. Passw. LengthPw.
Case
CharsetSaltNotesSAP NoteHash in
USR02-...
A?8upperASCII
(limited)
Character 1-6 of the username
(upper-case)
Unsupported characters (probably the same as with CODVN B) in the password and salt are replaced by an apostrophe (»'«).
Superseded by code version B (automatic migration during logon).
721119BCODE
BMD5-based8upperASCII
(limited)
Username
(upper-case)
Unsupported characters (see note) in the password and salt are replaced by »^«735356BCODE
C-Never implemented-
DMD5-based8upperUTF-8Username
(upper-case)
Superseded by code version E
(but almost identical)
-BCODE
EMD5-based8upperUTF-8Username
(upper-case)
Correction of code version D874738BCODE
FSHA1-based40sensitiveUTF-8Username
(upper-case)
-1488159PASSCODE
G= Code versions B & FBCODE &
PASSCODE
Hgeneric hash
(curr. only iSSHA-1)
40sensitiveUTF-8randomHash algorithm and options can be set via parameter login/password_hash_algorithm991968PWDSALTEDHASH
I= Code versions B, F & HBCODE,
PASSCODE &
PWDSALTEDHASH

The MD5- and SHA1-based algorithms consist of two hash iterations with “some Walld0rf magic” in-between — for details, have a look at this posting in the john-users mailing list.

Kernel & profile parameters

The following has an impact on the used hash algorithm:

  • the SAP kernel version
  • the profile parameters:
    • login/password_charset
    • login/password_downwards_compatibility — if available

The following tables show the effect of the above on the hash algorithm on some test-systems:

Sources & further reading

Here’s where the information in the above “Hash algorithms” table came from – plus additional resources:

  • SAP Note 2467: Password rules and preventing incorrect logons
  • SAP Note 721119: Logon with (delivered) default user fails
  • SAP Note 735356: Special character in passwords; reactivation not possible
  • SAP Note 862989: New password rules as of SAP NetWeaver 2004s
  • SAP Note 874738: New password hash calculation procedure (code version E)
  • SAP Note 991968: Value list for login/password_hash_algorithm
  • SAP Note 1023437: Downwardly incompatible passwords since NW2004s
  • SAP Note 1237762: Protection against password hash attacks
  • SAP Note 1300104: CUA – New password hash procedures – Background information
  • SAP Note 1458262: Recommended settings for password hash algorithms
  • SAP Note 1484692: Protect read access to password hash value tables
  • SAP Note 1488159: SUIM – RSUSR003 – Incorrect results for CODVN = F

Happy reading — these links contain really helpful hints! 😛

6 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.