Encryption for service tools user ID passwords
Password encryption using Data Encryption Standard
(DES), Secure Hash Algorithm (SHA), and
Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit)
.
Password level 1, DES encryption
When you use DES encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 8-digit, case-sensitive passwords. When you create a user ID and password, the minimum required for the password is 1 digit. When you change a password, the minimum required is dependent upon the minimum password length.
- Passwords for user IDs do not expire after 180 days.
- Even though passwords don't expire at password level 1, they still can be created as expired.
- By default, the initial passwords for IBM-supplied service tools user IDs are set as expired.
Password level 2, SHA encryption
When you use SHA encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
By default, passwords are initially set as not expired (unless explicitly set on the display to expire).
![Start of change](./delta.gif)
Password level 3, Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit) encryption
When you use PBKDF2 with HMAC SHA512 encryption, service tools user IDs and passwords have the following characteristics:
- Use 10-digit, uppercase user IDs.
- Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
- By default, passwords are initially set as not expired (unless explicitly set on the display to expire).
![End of change](./deltaend.gif)
Change to use SST password level 2
or 3![End of change](./deltaend.gif)
To change to use SST password level 2 or 3
, perform the following steps using SST, DST,
or the Change
SST Security Attributes (CHGSSTSECA) command.
Using SST:
- Access SST
- Select option 8 (Work with Service Tools Server Security and devices).
- Select option 4 (Change service tools password level), enter new password level (2
or 3
), and press Enter.
- Press Enter again to confirm your change. The current password level is displayed.
Using DST:
- Access DST
- Select option 5 (Work with DST environment).
- Select option 4 (Service tools security data).
- Select option 6 (Change service tools password level), enter new password level (2
or 3
), and press Enter.
- Press Enter again to confirm your change. The current password level is displayed.
Using the Change
SST Security Attributes (CHGSSTSECA) command:
- Specify a value of 2
or 3
for the Service tools password level (SSTPWDLVL) parameter.
- To display the current password level use the Display SST Security Attributes (DSPSSTSECA) command.