More secure using {SAS003} or {SAS005}

siddhu1 · Posted 05-08-2023 09:02 AM

Hello Team, In our project, generally we use {SAS003} which uses 16-bit in encrypting the password. Can we use the {SAS005} which is the 64-bit for the same in terms of more secure. Want to know which one is more secure in encrypting the password. Is it {SAS003} or {SAS005}. Thanks in Advance, Siddhu1

doug_sas · Posted 05-08-2023 10:32 AM

SAS005 uses a fixed key, a 64bit random salt, the SHA256 hash, and 10000 iterations to generate an encryption key for AES.

SAS003 uses a fixed key, a 16bit random salt, the SHA1 hash, and 1200 iterations to generate an encryption key for AES.

Due to the use of a longer salt, better hash algorithm, and is hashed for more iterations, SAS005 is more secure.

SASKiwi · Posted 05-08-2023 06:17 PM

If you store the encrypted passwords in open code, these are easily open to reuse by other SAS users regardless of the encryption method.

More secure using {SAS003} or {SAS005}

Re: More secure using {SAS003} or {SAS005}

Re: More secure using {SAS003} or {SAS005}