password-hash-algorithm

This command sets the hash algorithm to apply to passwords before they are stored.

Syntax

password-hash-algorithm { md5crypt | sha256crypt }

Parameters

md5crypt
Uses MD5 Crypt as the hash algorithm. This setting is the default value.
sha256crypt
Uses SHA-256 Crypt as the hash algorithm.

Guidelines

The password-hash-algorithm command specifies the hash algorithm that is applied to passwords for locally defined users before the passwords are stored.

  • In FIPS 140-2 Level 1 mode, the DataPower® Gateway cannot check MD5 Crypt password entries because MD5 is banned in this mode. If any existing account passwords use MD5 Crypt, the DataPower Gateway refuses to enter FIPS 140-2 Level 1 mode to avoid user lockout. To successfully enter FIPS 140-2 Level 1 mode, you must select sha256crypt and then change the password on any existing user accounts that used MD5 Crypt when last changed.
  • Firmware releases before 6.0.1 do not support SHA-256 Crypt passwords. If you need to downgrade to a release before 6.0.1, you must select md5crypt and then change the password on any existing user accounts that used SHA-256 Crypt when last changed. The downgrade to a release before 6.0.1 is allowed only after you make these changes. This check prevents user lockout.
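
To find the accounts whose passwords must be changed before either transition described above, the following added example (not IBM code or DataPower tooling) classifies stored hash strings by their modular crypt format prefix: `$1$` for MD5 Crypt and `$5$` for SHA-256 Crypt. It assumes that you already have the stored hashes as user-to-hash pairs; the account names and hash strings in SAMPLE are constructed placeholders, and the helper names are hypothetical.

```python
import re

# Modular crypt format: $<id>$[rounds=<n>$]<salt>$<digest>
#   id 1 = MD5 Crypt     (salt up to 8 chars, 22-char digest)
#   id 5 = SHA-256 Crypt (salt up to 16 chars, 43-char digest, optional rounds)
B64 = r"[./0-9A-Za-z]"  # usual crypt alphabet for generated salts and digests
PATTERNS = {
    "md5crypt": re.compile(rf"^\$1\$({B64}{{0,8}})\$({B64}{{22}})$"),
    "sha256crypt": re.compile(
        rf"^\$5\$(?:rounds=(\d+)\$)?({B64}{{0,16}})\$({B64}{{43}})$"),
}

def classify(stored_hash):
    """Return 'md5crypt', 'sha256crypt', or 'unknown' for a stored hash string."""
    for name, pattern in PATTERNS.items():
        if pattern.match(stored_hash):
            return name
    return "unknown"  # truncated, malformed, or a different scheme: review by hand

def audit(accounts):
    """Group account names by the algorithm of their stored hash."""
    report = {"md5crypt": [], "sha256crypt": [], "unknown": []}
    for user, stored_hash in accounts.items():
        report[classify(stored_hash)].append(user)
    return report

def blockers(accounts, target):
    """Accounts whose password must be changed before the transition.
    'fips'      -> MD5 Crypt entries block entry to FIPS 140-2 Level 1 mode.
    'downgrade' -> SHA-256 Crypt entries block a downgrade below 6.0.1."""
    wanted = {"fips": "md5crypt", "downgrade": "sha256crypt"}[target]
    return sorted(audit(accounts)[wanted])

# Constructed sample data: placeholder strings with the right shape, not real hashes.
SAMPLE = {
    "admin": "$1$saltsalt$" + "x" * 22,
    "ops": "$1$abc$" + "x" * 22,
    "audit": "$5$rounds=5000$saltsaltsaltsalt$" + "y" * 43,
    "dev": "$5$shortsalt$" + "z" * 43,
    "legacy": "$1$saltsalt$" + "x" * 21,  # truncated digest -> unknown
}

if __name__ == "__main__":
    print("Change before FIPS 140-2 Level 1 mode:", blockers(SAMPLE, "fips"))
    print("Change before downgrade below 6.0.1:", blockers(SAMPLE, "downgrade"))
    print("Needs manual review:", audit(SAMPLE)["unknown"])
```
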

Example

Set SHA-256 Crypt as the hash algorithm that is applied to passwords before they are stored.
# password-hash-algorithm sha256crypt