Encryption for service tools user ID passwords

Edit online

Password encryption using Data Encryption Standard (DES), Secure Hash Algorithm (SHA), Start of change and Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit)End of change.

Password level 1, DES encryption

When you use DES encryption, service tools user IDs and passwords have the following characteristics:

  • Use 10-digit, uppercase user IDs.
  • Use 8-digit, case-sensitive passwords. When you create a user ID and password, the minimum required for the password is 1 digit. When you change a password, the minimum required is dependent upon the minimum password length.
  • Passwords for user IDs do not expire after 180 days.
  • Even though passwords don't expire at password level 1, they still can be created as expired.
  • By default, the initial passwords for IBM-supplied service tools user IDs are set as expired.

Password level 2, SHA encryption

When you use SHA encryption, service tools user IDs and passwords have the following characteristics:

  • Use 10-digit, uppercase user IDs.
  • Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
  • Start of changeBy default, passwords are initially set as not expired (unless explicitly set on the display to expire).End of change
Start of change

Password level 3, Password-based Key Derivation Function 2 (PBKDF2) with HMAC SHA512 (SHA-2 512 bit) encryption

When you use PBKDF2 with HMAC SHA512 encryption, service tools user IDs and passwords have the following characteristics:

  • Use 10-digit, uppercase user IDs.
  • Use 128-digit case-sensitive passwords. The password must follow the password rules set in SST. This includes the minimum and maximum password length.
  • By default, passwords are initially set as not expired (unless explicitly set on the display to expire).
End of change

Change to use SST password level 2 Start of changeor 3End of change

To change to use SST password level 2 Start of changeor 3End of change, perform the following steps using SST, DST, or the Change SST Security Attributes (CHGSSTSECA) command.

Using SST:
  1. Access SST
  2. Select option 8 (Work with Service Tools Server Security and devices).
  3. Select option 4 (Change service tools password level), enter new password level (2 Start of changeor 3End of change), and press Enter.
  4. Press Enter again to confirm your change. The current password level is displayed.
Using DST:
  1. Access DST
  2. Select option 5 (Work with DST environment).
  3. Select option 4 (Service tools security data).
  4. Select option 6 (Change service tools password level), enter new password level (2 Start of changeor 3End of change), and press Enter.
  5. Press Enter again to confirm your change. The current password level is displayed.
Using the Change SST Security Attributes (CHGSSTSECA) command:
  1. Specify a value of 2 Start of changeor 3End of change for the Service tools password level (SSTPWDLVL) parameter.
  2. To display the current password level use the Display SST Security Attributes (DSPSSTSECA) command.