topic Re: More secure using {SAS003} or {SAS005} in Administration and Deployment

More secure using {SAS003} or {SAS005}

siddhu1 — Mon, 08 May 2023 13:02:18 GMT

Hello Team, In our project, generally we use {SAS003} which uses 16-bit in encrypting the password. Can we use the {SAS005} which is the 64-bit for the same in terms of more secure. Want to know which one is more secure in encrypting the password. Is it {SAS003} or {SAS005}. Thanks in Advance, Siddhu1

Re: More secure using {SAS003} or {SAS005}

doug_sas — Mon, 08 May 2023 14:32:27 GMT

SAS005 uses a fixed key, a 64bit random salt, the SHA256 hash, and 10000 iterations to generate an encryption key for AES.

SAS003 uses a fixed key, a 16bit random salt, the SHA1 hash, and 1200 iterations to generate an encryption key for AES.

Due to the use of a longer salt, better hash algorithm, and is hashed for more iterations, SAS005 is more secure.

Re: More secure using {SAS003} or {SAS005}

SASKiwi — Mon, 08 May 2023 22:17:53 GMT

If you store the encrypted passwords in open code, these are easily open to reuse by other SAS users regardless of the encryption method.